]>
Commit | Line | Data |
---|---|---|
aba3e65f DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
b6b66573 | 5 | openssl-dsa - DSA key processing |
aba3e65f DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> B<dsa> | |
169394d4 | 10 | [B<-help>] |
aba3e65f DSH |
11 | [B<-inform PEM|DER>] |
12 | [B<-outform PEM|DER>] | |
13 | [B<-in filename>] | |
a3fe382e | 14 | [B<-passin arg>] |
aba3e65f | 15 | [B<-out filename>] |
a3fe382e | 16 | [B<-passout arg>] |
fc1d88f0 RS |
17 | [B<-aes128>] |
18 | [B<-aes192>] | |
19 | [B<-aes256>] | |
d42d0a4d P |
20 | [B<-aria128>] |
21 | [B<-aria192>] | |
22 | [B<-aria256>] | |
fc1d88f0 RS |
23 | [B<-camellia128>] |
24 | [B<-camellia192>] | |
25 | [B<-camellia256>] | |
aba3e65f DSH |
26 | [B<-des>] |
27 | [B<-des3>] | |
28 | [B<-idea>] | |
29 | [B<-text>] | |
30 | [B<-noout>] | |
31 | [B<-modulus>] | |
32 | [B<-pubin>] | |
33 | [B<-pubout>] | |
bfa35550 | 34 | [B<-engine id>] |
aba3e65f DSH |
35 | |
36 | =head1 DESCRIPTION | |
37 | ||
38 | The B<dsa> command processes DSA keys. They can be converted between various | |
39 | forms and their components printed out. B<Note> This command uses the | |
40 | traditional SSLeay compatible format for private key encryption: newer | |
41 | applications should use the more secure PKCS#8 format using the B<pkcs8> | |
42 | ||
3dfda1a6 | 43 | =head1 OPTIONS |
aba3e65f DSH |
44 | |
45 | =over 4 | |
46 | ||
169394d4 MR |
47 | =item B<-help> |
48 | ||
49 | Print out a usage message. | |
50 | ||
aba3e65f DSH |
51 | =item B<-inform DER|PEM> |
52 | ||
53 | This specifies the input format. The B<DER> option with a private key uses | |
54 | an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of | |
55 | version (currently zero), p, q, g, the public and private key components | |
13938ace DSH |
56 | respectively as ASN.1 INTEGERs. When used with a public key it uses a |
57 | SubjectPublicKeyInfo structure: it is an error if the key is not DSA. | |
aba3e65f DSH |
58 | |
59 | The B<PEM> form is the default format: it consists of the B<DER> format base64 | |
13938ace DSH |
60 | encoded with additional header and footer lines. In the case of a private key |
61 | PKCS#8 format is also accepted. | |
aba3e65f DSH |
62 | |
63 | =item B<-outform DER|PEM> | |
64 | ||
7477c83e TM |
65 | This specifies the output format, the options have the same meaning and default |
66 | as the B<-inform> option. | |
aba3e65f DSH |
67 | |
68 | =item B<-in filename> | |
69 | ||
70 | This specifies the input filename to read a key from or standard input if this | |
71 | option is not specified. If the key is encrypted a pass phrase will be | |
72 | prompted for. | |
73 | ||
a3fe382e | 74 | =item B<-passin arg> |
af29811e | 75 | |
c4de074e | 76 | The input file password source. For more information about the format of B<arg> |
9b86974e | 77 | see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. |
af29811e | 78 | |
aba3e65f DSH |
79 | =item B<-out filename> |
80 | ||
81 | This specifies the output filename to write a key to or standard output by | |
82 | is not specified. If any encryption options are set then a pass phrase will be | |
83 | prompted for. The output filename should B<not> be the same as the input | |
84 | filename. | |
85 | ||
a3fe382e | 86 | =item B<-passout arg> |
af29811e | 87 | |
c4de074e | 88 | The output file password source. For more information about the format of B<arg> |
9b86974e | 89 | see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. |
af29811e | 90 | |
dfee8626 | 91 | =item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> |
aba3e65f | 92 | |
fc1d88f0 RS |
93 | These options encrypt the private key with the specified |
94 | cipher before outputting it. A pass phrase is prompted for. | |
aba3e65f | 95 | If none of these options is specified the key is written in plain text. This |
0cd4498b | 96 | means that using the B<dsa> utility to read in an encrypted key with no |
aba3e65f DSH |
97 | encryption option can be used to remove the pass phrase from a key, or by |
98 | setting the encryption options it can be use to add or change the pass phrase. | |
99 | These options can only be used with PEM format output files. | |
100 | ||
101 | =item B<-text> | |
102 | ||
c4de074e | 103 | Prints out the public, private key components and parameters. |
aba3e65f DSH |
104 | |
105 | =item B<-noout> | |
106 | ||
c4de074e | 107 | This option prevents output of the encoded version of the key. |
aba3e65f DSH |
108 | |
109 | =item B<-modulus> | |
110 | ||
c4de074e | 111 | This option prints out the value of the public key component of the key. |
aba3e65f DSH |
112 | |
113 | =item B<-pubin> | |
114 | ||
c4de074e | 115 | By default, a private key is read from the input file. With this option a |
0cd4498b | 116 | public key is read instead. |
aba3e65f DSH |
117 | |
118 | =item B<-pubout> | |
119 | ||
c4de074e | 120 | By default, a private key is output. With this option a public |
aba3e65f DSH |
121 | key will be output instead. This option is automatically set if the input is |
122 | a public key. | |
123 | ||
bfa35550 RL |
124 | =item B<-engine id> |
125 | ||
c4de074e | 126 | Specifying an engine (by its unique B<id> string) will cause B<dsa> |
bfa35550 RL |
127 | to attempt to obtain a functional reference to the specified engine, |
128 | thus initialising it if needed. The engine will then be set as the default | |
129 | for all available algorithms. | |
130 | ||
aba3e65f DSH |
131 | =back |
132 | ||
0286d944 DSH |
133 | =head1 NOTES |
134 | ||
135 | The PEM private key format uses the header and footer lines: | |
136 | ||
137 | -----BEGIN DSA PRIVATE KEY----- | |
138 | -----END DSA PRIVATE KEY----- | |
139 | ||
0cd4498b DSH |
140 | The PEM public key format uses the header and footer lines: |
141 | ||
142 | -----BEGIN PUBLIC KEY----- | |
143 | -----END PUBLIC KEY----- | |
144 | ||
aba3e65f DSH |
145 | =head1 EXAMPLES |
146 | ||
147 | To remove the pass phrase on a DSA private key: | |
148 | ||
1675f6eb | 149 | openssl dsa -in key.pem -out keyout.pem |
aba3e65f DSH |
150 | |
151 | To encrypt a private key using triple DES: | |
152 | ||
1675f6eb | 153 | openssl dsa -in key.pem -des3 -out keyout.pem |
aba3e65f | 154 | |
1bc74519 | 155 | To convert a private key from PEM to DER format: |
aba3e65f | 156 | |
1675f6eb | 157 | openssl dsa -in key.pem -outform DER -out keyout.der |
aba3e65f DSH |
158 | |
159 | To print out the components of a private key to standard output: | |
160 | ||
1675f6eb | 161 | openssl dsa -in key.pem -text -noout |
aba3e65f DSH |
162 | |
163 | To just output the public part of a private key: | |
164 | ||
1675f6eb | 165 | openssl dsa -in key.pem -pubout -out pubkey.pem |
aba3e65f DSH |
166 | |
167 | =head1 SEE ALSO | |
168 | ||
b6b66573 DMSP |
169 | L<openssl(1)>, |
170 | L<openssl-dsaparam(1)>, | |
171 | L<openssl-gendsa(1)>, | |
172 | L<openssl-rsa(1)>, | |
173 | L<openssl-genrsa(1)> | |
aba3e65f | 174 | |
e2f92610 RS |
175 | =head1 COPYRIGHT |
176 | ||
b6b66573 | 177 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 178 | |
449040b4 | 179 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
180 | this file except in compliance with the License. You can obtain a copy |
181 | in the file LICENSE in the source distribution or at | |
182 | L<https://www.openssl.org/source/license.html>. | |
183 | ||
184 | =cut |