[thirdparty/openssl.git] / doc / man1 / openssl-genpkey.pod.in

=pod

=begin comment
{- join("\n", @autowarntext) -}

=end comment

=head1 NAME

openssl-genpkey - generate a private key

=head1 SYNOPSIS

B<openssl> B<genpkey>
[B<-help>]
[B<-out> I<filename>]
[B<-outform> B<DER>|B<PEM>]
[B<-pass> I<arg>]
[B<-I<cipher>>]
[B<-paramfile> I<file>]
[B<-algorithm> I<alg>]
[B<-pkeyopt> I<opt>:I<value>]
[B<-genparam>]
[B<-text>]
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_provider_synopsis -}

=for openssl ifdef engine

=head1 DESCRIPTION

This command generates a private key.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-out> I<filename>

Output the key to the specified file. If this argument is not specified then
standard output is used.

=item B<-outform> B<DER>|B<PEM>

The output format; the default is B<PEM>.
See L<openssl(1)/Format Options> for details.

=item B<-pass> I<arg>

The output file password source. For more information about the format of I<arg>
see L<openssl(1)/Pass Phrase Options>.

=item B<-I<cipher>>

This option encrypts the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.

=item B<-algorithm> I<alg>

Public key algorithm to use such as RSA, DSA or DH. If used this option must
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
are mutually exclusive. Engines may add algorithms in addition to the standard
built-in ones.

Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC,
X25519, X448, ED25519 and ED448.

Valid built-in algorithm names for parameter generation (see the B<-genparam>
option) are DH, DSA and EC.

Note that the algorithm name X9.42 DH may be used as a synonym for the DH
algorithm. These are identical and do not indicate the type of parameters that
will be generated. Use the B<dh_paramgen_type> option to indicate whether PKCS#3
or X9.42 DH parameters are required. See L</DH Parameter Generation Options>
below for more details.

=item B<-pkeyopt> I<opt>:I<value>

Set the public key algorithm option I<opt> to I<value>. The precise set of
options supported depends on the public key algorithm used and its
implementation. See L</KEY GENERATION OPTIONS> and
L</PARAMETER GENERATION OPTIONS> below for more details.

=item B<-genparam>

Generate a set of parameters instead of a private key. If used this option must
precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.

=item B<-paramfile> I<filename>

Some public key algorithms generate a private key based on a set of parameters.
They can be supplied using this option. If this option is used the public key
algorithm used is determined by the parameters. If used this option must
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
are mutually exclusive.

=item B<-text>

Print an (unencrypted) text representation of private and public keys and
parameters along with the PEM or DER structure.

{- $OpenSSL::safe::opt_engine_item -}

{- $OpenSSL::safe::opt_provider_item -}

=back

=head1 KEY GENERATION OPTIONS

The options supported by each algorithm and indeed each implementation of an
algorithm can vary. The options for the OpenSSL implementations are detailed
below. There are no key generation options defined for the X25519, X448, ED25519
or ED448 algorithms.

=head2 RSA Key Generation Options

=over 4

=item B<rsa_keygen_bits:numbits>

The number of bits in the generated key. If not specified 2048 is used.

=item B<rsa_keygen_primes:numprimes>

The number of primes in the generated key. If not specified 2 is used.

=item B<rsa_keygen_pubexp:value>

The RSA public exponent value. This can be a large decimal or
hexadecimal value if preceded by C<0x>. Default value is 65537.

=back

=head2 RSA-PSS Key Generation Options

Note: by default an B<RSA-PSS> key has no parameter restrictions.

=over 4

=item B<rsa_keygen_bits>:I<numbits>, B<rsa_keygen_primes>:I<numprimes>,
B<rsa_keygen_pubexp>:I<value>

These options have the same meaning as the B<RSA> algorithm.

=item B<rsa_pss_keygen_md>:I<digest>

If set the key is restricted and can only use I<digest> for signing.

=item B<rsa_pss_keygen_mgf1_md>:I<digest>

If set the key is restricted and can only use I<digest> as it's MGF1
parameter.

=item B<rsa_pss_keygen_saltlen>:I<len>

If set the key is restricted and I<len> specifies the minimum salt length.

=back

=head2 EC Key Generation Options

The EC key generation options can also be used for parameter generation.

=over 4

=item B<ec_paramgen_curve>:I<curve>

The EC curve to use. OpenSSL supports NIST curve names such as "P-256".

=item B<ec_param_enc>:I<encoding>

The encoding to use for parameters. The I<encoding> parameter must be either
B<named_curve> or B<explicit>. The default value is B<named_curve>.

=back

=head1 PARAMETER GENERATION OPTIONS

The options supported by each algorithm and indeed each implementation of an
algorithm can vary. The options for the OpenSSL implementations are detailed
below.

=head2 DSA Parameter Generation Options

=over 4

=item B<dsa_paramgen_bits>:I<numbits>

The number of bits in the generated prime. If not specified 2048 is used.

=item B<dsa_paramgen_q_bits>:I<numbits>

=item B<qbits>:I<numbits>

The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
specified 224 is used.

=item B<dsa_paramgen_md>:I<digest>

=item B<digest>:I<digest>

The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
or B<sha256>. If set, then the number of bits in B<q> will match the output size
of the specified digest and the B<dsa_paramgen_q_bits> parameter will be
ignored. If not set, then a digest will be used that gives an output matching
the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it 224
or B<sha256> if it is 256.


=item B<properties>:I<query>

The I<digest> property I<query> string to use when fetching a digest from a provider.

=item B<type>:I<type>

The type of generation to use. Set this to 1 to use legacy FIPS186-2 parameter
generation. The default of 0 uses FIPS186-4 parameter generation.

=item B<gindex>:I<index>

The index to use for canonical generation and verification of the generator g.
Set this to a positive value ranging from 0..255 to use this mode. Larger values
will only use the bottom byte.
This I<index> must then be reused during key validation to verify the value of g.
If this value is not set then g is not verifiable. The default value is -1.

=item B<hexseed>:I<seed>

The seed I<seed> data to use instead of generating a random seed internally.
This should be used for testing purposes only. This will either produced fixed
values for the generated parameters OR it will fail if the seed did not
generate valid primes.

=back

=head2 DH Parameter Generation Options

=over 4

=item B<dh_paramgen_prime_len>:I<numbits>

The number of bits in the prime parameter I<p>. The default is 2048.

=item B<dh_paramgen_subprime_len>:I<numbits>

The number of bits in the sub prime parameter I<q>. The default is 256 if the
prime is at least 2048 bits long or 160 otherwise. Only relevant if used in
conjunction with the B<dh_paramgen_type> option to generate X9.42 DH parameters.

=item B<dh_paramgen_generator>:I<value>

The value to use for the generator I<g>. The default is 2.

=item B<dh_paramgen_type>:I<value>

The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH.
The default is 0.

=item B<dh_rfc5114>:I<num>

If this option is set, then the appropriate RFC5114 parameters are used
instead of generating new parameters. The value I<num> can be one of
1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter
options.

=back

=head2 EC Parameter Generation Options

The EC parameter generation options are the same as for key generation. See
L</EC Key Generation Options> above.

=head1 NOTES

The use of the genpkey program is encouraged over the algorithm specific
utilities because additional algorithm options and ENGINE provided algorithms
can be used.

=head1 EXAMPLES

Generate an RSA private key using default parameters:

 openssl genpkey -algorithm RSA -out key.pem

Encrypt output private key using 128 bit AES and the passphrase "hello":

 openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello

Generate a 2048 bit RSA key using 3 as the public exponent:

 openssl genpkey -algorithm RSA -out key.pem \
     -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3

Generate 2048 bit DSA parameters that can be validated: The output values for
gindex and seed are required for key validation purposes and are not saved to
the output pem file).

 openssl genpkey -genparam -algorithm DSA -out dsap.pem -pkeyopt pbits:2048 \
     -pkeyopt qbits:224 -pkeyopt digest:SHA256 -pkeyopt gindex:1 -text

Generate DSA key from parameters:

 openssl genpkey -paramfile dsap.pem -out dsakey.pem

Generate 2048 bit DH parameters:

 openssl genpkey -genparam -algorithm DH -out dhp.pem \
     -pkeyopt dh_paramgen_prime_len:2048

Generate 2048 bit X9.42 DH parameters:

 openssl genpkey -genparam -algorithm DH -out dhpx.pem \
     -pkeyopt dh_paramgen_prime_len:2048 \
     -pkeyopt dh_paramgen_type:1

Output RFC5114 2048 bit DH parameters with 224 bit subgroup:

 openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2

Generate DH key from parameters:

 openssl genpkey -paramfile dhp.pem -out dhkey.pem

Generate EC parameters:

 openssl genpkey -genparam -algorithm EC -out ecp.pem \
        -pkeyopt ec_paramgen_curve:secp384r1 \
        -pkeyopt ec_param_enc:named_curve

Generate EC key from parameters:

 openssl genpkey -paramfile ecp.pem -out eckey.pem

Generate EC key directly:

 openssl genpkey -algorithm EC -out eckey.pem \
        -pkeyopt ec_paramgen_curve:P-384 \
        -pkeyopt ec_param_enc:named_curve

Generate an X25519 private key:

 openssl genpkey -algorithm X25519 -out xkey.pem

Generate an ED448 private key:

 openssl genpkey -algorithm ED448 -out xkey.pem

=head1 HISTORY

The ability to use NIST curve names, and to generate an EC key directly,
were added in OpenSSL 1.0.2.
The ability to generate X25519 keys was added in OpenSSL 1.1.0.
The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.

=head1 COPYRIGHT

Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
49131a7d DSH	1	=pod
49131a7d DSH	2
018aaeb4 RS	3	=begin comment
	4	{- join("\n", @autowarntext) -}
	5
	6	=end comment
	7
49131a7d DSH	8	=head1 NAME
49131a7d DSH	9
b6b66573	10	openssl-genpkey - generate a private key
49131a7d DSH	11
	12	=head1 SYNOPSIS
	13
	14	B<openssl> B<genpkey>
169394d4	15	[B<-help>]
e8769719 RS	16	[B<-out> I<filename>]
	17	[B<-outform> B<DER>\|B<PEM>]
	18	[B<-pass> I<arg>]
8dc57d76	19	[B<-I<cipher>>]
e8769719 RS	20	[B<-paramfile> I<file>]
e8769719 RS	21	[B<-algorithm> I<alg>]
2f0ea936	22	[B<-pkeyopt> I<opt>:I<value>]
49131a7d DSH	23	[B<-genparam>]
49131a7d DSH	24	[B<-text>]
018aaeb4	25	{- $OpenSSL::safe::opt_engine_synopsis -}
6bd4e3f2	26	{- $OpenSSL::safe::opt_provider_synopsis -}
49131a7d	27
9f3c076b	28	=for openssl ifdef engine
1738c0ce	29
49131a7d DSH	30	=head1 DESCRIPTION
49131a7d DSH	31
35a810bb	32	This command generates a private key.
49131a7d DSH	33
	34	=head1 OPTIONS
	35
	36	=over 4
	37
169394d4 MR	38	=item B<-help>
	39
	40	Print out a usage message.
	41
e8769719	42	=item B<-out> I<filename>
49131a7d	43
169394d4 MR	44	Output the key to the specified file. If this argument is not specified then
169394d4 MR	45	standard output is used.
49131a7d	46
e8769719	47	=item B<-outform> B<DER>\|B<PEM>
49131a7d	48
777182a0 RS	49	The output format; the default is B<PEM>.
777182a0 RS	50	See L<openssl(1)/Format Options> for details.
49131a7d	51
e8769719	52	=item B<-pass> I<arg>
49131a7d	53
2f0ea936	54	The output file password source. For more information about the format of I<arg>
3a4e43de	55	see L<openssl(1)/Pass Phrase Options>.
49131a7d	56
8dc57d76	57	=item B<-I<cipher>>
49131a7d	58
5ce60a20	59	This option encrypts the private key with the supplied cipher. Any algorithm
49131a7d DSH	60	name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
49131a7d DSH	61
e8769719	62	=item B<-algorithm> I<alg>
49131a7d	63
c4de074e	64	Public key algorithm to use such as RSA, DSA or DH. If used this option must
f489ab31	65	precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
77579510 MC	66	are mutually exclusive. Engines may add algorithms in addition to the standard
	67	built-in ones.
	68
	69	Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC,
	70	X25519, X448, ED25519 and ED448.
	71
	72	Valid built-in algorithm names for parameter generation (see the B<-genparam>
	73	option) are DH, DSA and EC.
	74
	75	Note that the algorithm name X9.42 DH may be used as a synonym for the DH
	76	algorithm. These are identical and do not indicate the type of parameters that
	77	will be generated. Use the B<dh_paramgen_type> option to indicate whether PKCS#3
8bc93d2f	78	or X9.42 DH parameters are required. See L</DH Parameter Generation Options>
77579510	79	below for more details.
49131a7d	80
2f0ea936	81	=item B<-pkeyopt> I<opt>:I<value>
49131a7d	82
2f0ea936	83	Set the public key algorithm option I<opt> to I<value>. The precise set of
49131a7d	84	options supported depends on the public key algorithm used and its
f5c14c63 RL	85	implementation. See L</KEY GENERATION OPTIONS> and
f5c14c63 RL	86	L</PARAMETER GENERATION OPTIONS> below for more details.
49131a7d DSH	87
	88	=item B<-genparam>
	89
c4de074e	90	Generate a set of parameters instead of a private key. If used this option must
77a795e4	91	precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
49131a7d	92
e8769719	93	=item B<-paramfile> I<filename>
49131a7d DSH	94
49131a7d DSH	95	Some public key algorithms generate a private key based on a set of parameters.
e4549295 DSH	96	They can be supplied using this option. If this option is used the public key
e4549295 DSH	97	algorithm used is determined by the parameters. If used this option must
77a795e4	98	precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
e4549295 DSH	99	are mutually exclusive.
	100
	101	=item B<-text>
	102
	103	Print an (unencrypted) text representation of private and public keys and
	104	parameters along with the PEM or DER structure.
49131a7d	105
018aaeb4 RS	106	{- $OpenSSL::safe::opt_engine_item -}
018aaeb4 RS	107
6bd4e3f2 P	108	{- $OpenSSL::safe::opt_provider_item -}
6bd4e3f2 P	109
49131a7d DSH	110	=back
	111
	112	=head1 KEY GENERATION OPTIONS
	113
4c583c36	114	The options supported by each algorithm and indeed each implementation of an
49131a7d	115	algorithm can vary. The options for the OpenSSL implementations are detailed
77579510 MC	116	below. There are no key generation options defined for the X25519, X448, ED25519
77579510 MC	117	or ED448 algorithms.
49131a7d	118
77579510	119	=head2 RSA Key Generation Options
49131a7d DSH	120
	121	=over 4
	122
	123	=item B<rsa_keygen_bits:numbits>
	124
70b0b977	125	The number of bits in the generated key. If not specified 2048 is used.
49131a7d	126
665d899f PY	127	=item B<rsa_keygen_primes:numprimes>
	128
	129	The number of primes in the generated key. If not specified 2 is used.
	130
	131	=item B<rsa_keygen_pubexp:value>
	132
	133	The RSA public exponent value. This can be a large decimal or
a43384fd	134	hexadecimal value if preceded by C<0x>. Default value is 65537.
665d899f PY	135
	136	=back
	137
77579510	138	=head2 RSA-PSS Key Generation Options
665d899f PY	139
	140	Note: by default an B<RSA-PSS> key has no parameter restrictions.
	141
	142	=over 4
	143
2f0ea936 RL	144	=item B<rsa_keygen_bits>:I<numbits>, B<rsa_keygen_primes>:I<numprimes>,
2f0ea936 RL	145	B<rsa_keygen_pubexp>:I<value>
7751098e DSH	146
	147	These options have the same meaning as the B<RSA> algorithm.
	148
2f0ea936	149	=item B<rsa_pss_keygen_md>:I<digest>
7751098e	150
2f0ea936	151	If set the key is restricted and can only use I<digest> for signing.
7751098e	152
2f0ea936	153	=item B<rsa_pss_keygen_mgf1_md>:I<digest>
7751098e	154
2f0ea936	155	If set the key is restricted and can only use I<digest> as it's MGF1
7751098e DSH	156	parameter.
7751098e DSH	157
2f0ea936	158	=item B<rsa_pss_keygen_saltlen>:I<len>
7751098e	159
2f0ea936	160	If set the key is restricted and I<len> specifies the minimum salt length.
7751098e DSH	161
	162	=back
	163
77579510 MC	164	=head2 EC Key Generation Options
	165
	166	The EC key generation options can also be used for parameter generation.
49131a7d DSH	167
	168	=over 4
	169
2f0ea936	170	=item B<ec_paramgen_curve>:I<curve>
49131a7d	171
77579510 MC	172	The EC curve to use. OpenSSL supports NIST curve names such as "P-256".
77579510 MC	173
2f0ea936	174	=item B<ec_param_enc>:I<encoding>
77579510	175
2f0ea936 RL	176	The encoding to use for parameters. The I<encoding> parameter must be either
2f0ea936 RL	177	B<named_curve> or B<explicit>. The default value is B<named_curve>.
49131a7d	178
677741f8 AP	179	=back
677741f8 AP	180
77579510 MC	181	=head1 PARAMETER GENERATION OPTIONS
	182
	183	The options supported by each algorithm and indeed each implementation of an
	184	algorithm can vary. The options for the OpenSSL implementations are detailed
	185	below.
	186
	187	=head2 DSA Parameter Generation Options
49131a7d DSH	188
	189	=over 4
	190
2f0ea936	191	=item B<dsa_paramgen_bits>:I<numbits>
49131a7d	192
70b0b977	193	The number of bits in the generated prime. If not specified 2048 is used.
49131a7d	194
2f0ea936	195	=item B<dsa_paramgen_q_bits>:I<numbits>
49131a7d	196
b03ec3b5 SL	197	=item B<qbits>:I<numbits>
b03ec3b5 SL	198
77579510	199	The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
70b0b977	200	specified 224 is used.
49131a7d	201
2f0ea936	202	=item B<dsa_paramgen_md>:I<digest>
618eb125	203
b03ec3b5 SL	204	=item B<digest>:I<digest>
b03ec3b5 SL	205
77579510 MC	206	The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
	207	or B<sha256>. If set, then the number of bits in B<q> will match the output size
	208	of the specified digest and the B<dsa_paramgen_q_bits> parameter will be
	209	ignored. If not set, then a digest will be used that gives an output matching
	210	the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it 224
	211	or B<sha256> if it is 256.
618eb125	212
b03ec3b5 SL	213
	214	=item B<properties>:I<query>
	215
	216	The I<digest> property I<query> string to use when fetching a digest from a provider.
	217
	218	=item B<type>:I<type>
	219
	220	The type of generation to use. Set this to 1 to use legacy FIPS186-2 parameter
	221	generation. The default of 0 uses FIPS186-4 parameter generation.
	222
	223	=item B<gindex>:I<index>
	224
	225	The index to use for canonical generation and verification of the generator g.
	226	Set this to a positive value ranging from 0..255 to use this mode. Larger values
	227	will only use the bottom byte.
	228	This I<index> must then be reused during key validation to verify the value of g.
	229	If this value is not set then g is not verifiable. The default value is -1.
	230
	231	=item B<hexseed>:I<seed>
	232
	233	The seed I<seed> data to use instead of generating a random seed internally.
	234	This should be used for testing purposes only. This will either produced fixed
	235	values for the generated parameters OR it will fail if the seed did not
	236	generate valid primes.
	237
49131a7d DSH	238	=back
49131a7d DSH	239
77579510	240	=head2 DH Parameter Generation Options
146ca72c	241
49131a7d DSH	242	=over 4
49131a7d DSH	243
2f0ea936	244	=item B<dh_paramgen_prime_len>:I<numbits>
146ca72c	245
2f0ea936	246	The number of bits in the prime parameter I<p>. The default is 2048.
49131a7d	247
2f0ea936	248	=item B<dh_paramgen_subprime_len>:I<numbits>
49131a7d	249
2f0ea936	250	The number of bits in the sub prime parameter I<q>. The default is 256 if the
77579510 MC	251	prime is at least 2048 bits long or 160 otherwise. Only relevant if used in
77579510 MC	252	conjunction with the B<dh_paramgen_type> option to generate X9.42 DH parameters.
e5fa864f	253
2f0ea936	254	=item B<dh_paramgen_generator>:I<value>
e5fa864f	255
2f0ea936	256	The value to use for the generator I<g>. The default is 2.
e5fa864f	257
2f0ea936	258	=item B<dh_paramgen_type>:I<value>
e5fa864f	259
77579510 MC	260	The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH.
77579510 MC	261	The default is 0.
e5fa864f	262
2f0ea936	263	=item B<dh_rfc5114>:I<num>
e5fa864f	264
77579510	265	If this option is set, then the appropriate RFC5114 parameters are used
2f0ea936 RL	266	instead of generating new parameters. The value I<num> can be one of
2f0ea936 RL	267	1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
77579510 MC	268	1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
	269	and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
	270	2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter
	271	options.
e5fa864f DSH	272
	273	=back
	274
77579510	275	=head2 EC Parameter Generation Options
e5fa864f	276
77579510	277	The EC parameter generation options are the same as for key generation. See
f5c14c63	278	L</EC Key Generation Options> above.
e5fa864f	279
49131a7d DSH	280	=head1 NOTES
	281
	282	The use of the genpkey program is encouraged over the algorithm specific
	283	utilities because additional algorithm options and ENGINE provided algorithms
	284	can be used.
	285
	286	=head1 EXAMPLES
	287
	288	Generate an RSA private key using default parameters:
	289
146ca72c	290	openssl genpkey -algorithm RSA -out key.pem
49131a7d DSH	291
	292	Encrypt output private key using 128 bit AES and the passphrase "hello":
	293
e5fa864f	294	openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello
49131a7d DSH	295
	296	Generate a 2048 bit RSA key using 3 as the public exponent:
	297
dfee8626 RS	298	openssl genpkey -algorithm RSA -out key.pem \
dfee8626 RS	299	-pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
49131a7d	300
b03ec3b5 SL	301	Generate 2048 bit DSA parameters that can be validated: The output values for
	302	gindex and seed are required for key validation purposes and are not saved to
	303	the output pem file).
49131a7d	304
b03ec3b5 SL	305	openssl genpkey -genparam -algorithm DSA -out dsap.pem -pkeyopt pbits:2048 \
b03ec3b5 SL	306	-pkeyopt qbits:224 -pkeyopt digest:SHA256 -pkeyopt gindex:1 -text
49131a7d DSH	307
	308	Generate DSA key from parameters:
	309
146ca72c	310	openssl genpkey -paramfile dsap.pem -out dsakey.pem
49131a7d	311
77579510	312	Generate 2048 bit DH parameters:
49131a7d DSH	313
49131a7d DSH	314	openssl genpkey -genparam -algorithm DH -out dhp.pem \
dfee8626	315	-pkeyopt dh_paramgen_prime_len:2048
77579510 MC	316
	317	Generate 2048 bit X9.42 DH parameters:
	318
	319	openssl genpkey -genparam -algorithm DH -out dhpx.pem \
dfee8626 RS	320	-pkeyopt dh_paramgen_prime_len:2048 \
dfee8626 RS	321	-pkeyopt dh_paramgen_type:1
49131a7d	322
618eb125 DSH	323	Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
	324
	325	openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2
	326
49131a7d DSH	327	Generate DH key from parameters:
49131a7d DSH	328
146ca72c DSH	329	openssl genpkey -paramfile dhp.pem -out dhkey.pem
	330
	331	Generate EC parameters:
	332
	333	openssl genpkey -genparam -algorithm EC -out ecp.pem \
1bc74519 RS	334	-pkeyopt ec_paramgen_curve:secp384r1 \
1bc74519 RS	335	-pkeyopt ec_param_enc:named_curve
146ca72c DSH	336
	337	Generate EC key from parameters:
	338
	339	openssl genpkey -paramfile ecp.pem -out eckey.pem
	340
a528d4f0	341	Generate EC key directly:
49131a7d	342
146ca72c	343	openssl genpkey -algorithm EC -out eckey.pem \
1bc74519 RS	344	-pkeyopt ec_paramgen_curve:P-384 \
1bc74519 RS	345	-pkeyopt ec_param_enc:named_curve
49131a7d	346
c082201a DSH	347	Generate an X25519 private key:
	348
	349	openssl genpkey -algorithm X25519 -out xkey.pem
	350
77579510 MC	351	Generate an ED448 private key:
	352
	353	openssl genpkey -algorithm ED448 -out xkey.pem
	354
a528d4f0 RS	355	=head1 HISTORY
	356
	357	The ability to use NIST curve names, and to generate an EC key directly,
fc5ecadd DMSP	358	were added in OpenSSL 1.0.2.
	359	The ability to generate X25519 keys was added in OpenSSL 1.1.0.
	360	The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.
a528d4f0	361
e2f92610 RS	362	=head1 COPYRIGHT
e2f92610 RS	363
33388b44	364	Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	365
449040b4	366	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	367	this file except in compliance with the License. You can obtain a copy
	368	in the file LICENSE in the source distribution or at
	369	L<https://www.openssl.org/source/license.html>.
	370
	371	=cut