]>
Commit | Line | Data |
---|---|---|
2c789c82 BM |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
3f2181e6 | 5 | openssl-ecparam, |
2c789c82 BM |
6 | ecparam - EC parameter manipulation and generation |
7 | ||
8 | =head1 SYNOPSIS | |
9 | ||
10 | B<openssl ecparam> | |
169394d4 | 11 | [B<-help>] |
2c789c82 BM |
12 | [B<-inform DER|PEM>] |
13 | [B<-outform DER|PEM>] | |
14 | [B<-in filename>] | |
15 | [B<-out filename>] | |
16 | [B<-noout>] | |
17 | [B<-text>] | |
18 | [B<-C>] | |
19 | [B<-check>] | |
ac2b52c6 | 20 | [B<-check_named>] |
2c789c82 | 21 | [B<-name arg>] |
fc1d88f0 | 22 | [B<-list_curves>] |
2c789c82 BM |
23 | [B<-conv_form arg>] |
24 | [B<-param_enc arg>] | |
25 | [B<-no_seed>] | |
3ee1eac2 RS |
26 | [B<-rand file...>] |
27 | [B<-writerand file>] | |
2c789c82 BM |
28 | [B<-genkey>] |
29 | [B<-engine id>] | |
30 | ||
31 | =head1 DESCRIPTION | |
32 | ||
33 | This command is used to manipulate or generate EC parameter files. | |
34 | ||
35 | =head1 OPTIONS | |
36 | ||
37 | =over 4 | |
38 | ||
169394d4 MR |
39 | =item B<-help> |
40 | ||
41 | Print out a usage message. | |
42 | ||
2c789c82 BM |
43 | =item B<-inform DER|PEM> |
44 | ||
45 | This specifies the input format. The B<DER> option uses an ASN.1 DER encoded | |
46 | form compatible with RFC 3279 EcpkParameters. The PEM form is the default | |
1bc74519 | 47 | format: it consists of the B<DER> format base64 encoded with additional |
2c789c82 BM |
48 | header and footer lines. |
49 | ||
50 | =item B<-outform DER|PEM> | |
51 | ||
7477c83e TM |
52 | This specifies the output format, the options have the same meaning and default |
53 | as the B<-inform> option. | |
2c789c82 BM |
54 | |
55 | =item B<-in filename> | |
56 | ||
57 | This specifies the input filename to read parameters from or standard input if | |
58 | this option is not specified. | |
59 | ||
60 | =item B<-out filename> | |
61 | ||
62 | This specifies the output filename parameters to. Standard output is used | |
63 | if this option is not present. The output filename should B<not> be the same | |
64 | as the input filename. | |
65 | ||
66 | =item B<-noout> | |
67 | ||
68 | This option inhibits the output of the encoded version of the parameters. | |
69 | ||
70 | =item B<-text> | |
71 | ||
72 | This option prints out the EC parameters in human readable form. | |
73 | ||
74 | =item B<-C> | |
75 | ||
76 | This option converts the EC parameters into C code. The parameters can then | |
35cb565a | 77 | be loaded by calling the get_ec_group_XXX() function. |
2c789c82 BM |
78 | |
79 | =item B<-check> | |
80 | ||
81 | Validate the elliptic curve parameters. | |
82 | ||
ac2b52c6 NT |
83 | =item B<-check_named> |
84 | ||
85 | Validate the elliptic name curve parameters by checking if the curve parameters | |
37f03b98 | 86 | match any built-in curves. |
ac2b52c6 | 87 | |
2c789c82 BM |
88 | =item B<-name arg> |
89 | ||
90 | Use the EC parameters with the specified 'short' name. Use B<-list_curves> | |
91 | to get a list of all currently implemented EC parameters. | |
92 | ||
93 | =item B<-list_curves> | |
94 | ||
95 | If this options is specified B<ecparam> will print out a list of all | |
96 | currently implemented EC parameters names and exit. | |
97 | ||
98 | =item B<-conv_form> | |
99 | ||
100 | This specifies how the points on the elliptic curve are converted | |
ab0a3914 MC |
101 | into octet strings. Possible values are: B<compressed>, B<uncompressed> (the |
102 | default value) and B<hybrid>. For more information regarding | |
2c789c82 BM |
103 | the point conversion forms please read the X9.62 standard. |
104 | B<Note> Due to patent issues the B<compressed> option is disabled | |
105 | by default for binary curves and can be enabled by defining | |
106 | the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time. | |
107 | ||
108 | =item B<-param_enc arg> | |
109 | ||
110 | This specifies how the elliptic curve parameters are encoded. | |
111 | Possible value are: B<named_curve>, i.e. the ec parameters are | |
35ed393e | 112 | specified by an OID, or B<explicit> where the ec parameters are |
1bc74519 | 113 | explicitly given (see RFC 3279 for the definition of the |
2c789c82 | 114 | EC parameters structures). The default value is B<named_curve>. |
aebb9aac | 115 | B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279, |
2c789c82 BM |
116 | is currently not implemented in OpenSSL. |
117 | ||
118 | =item B<-no_seed> | |
119 | ||
120 | This option inhibits that the 'seed' for the parameter generation | |
121 | is included in the ECParameters structure (see RFC 3279). | |
122 | ||
123 | =item B<-genkey> | |
124 | ||
35ed393e | 125 | This option will generate an EC private key using the specified parameters. |
2c789c82 | 126 | |
3ee1eac2 | 127 | =item B<-rand file...> |
2c789c82 | 128 | |
c4de074e | 129 | A file or files containing random data used to seed the random number |
3ee1eac2 | 130 | generator. |
35ed393e | 131 | Multiple files can be specified separated by an OS-dependent character. |
2c789c82 BM |
132 | The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for |
133 | all others. | |
134 | ||
3ee1eac2 RS |
135 | =item [B<-writerand file>] |
136 | ||
137 | Writes random data to the specified I<file> upon exit. | |
138 | This can be used with a subsequent B<-rand> flag. | |
139 | ||
2c789c82 BM |
140 | =item B<-engine id> |
141 | ||
c4de074e | 142 | Specifying an engine (by its unique B<id> string) will cause B<ecparam> |
2c789c82 BM |
143 | to attempt to obtain a functional reference to the specified engine, |
144 | thus initialising it if needed. The engine will then be set as the default | |
145 | for all available algorithms. | |
146 | ||
147 | =back | |
148 | ||
149 | =head1 NOTES | |
150 | ||
151 | PEM format EC parameters use the header and footer lines: | |
152 | ||
153 | -----BEGIN EC PARAMETERS----- | |
154 | -----END EC PARAMETERS----- | |
155 | ||
156 | OpenSSL is currently not able to generate new groups and therefore | |
1bc74519 | 157 | B<ecparam> can only create EC parameters from known (named) curves. |
2c789c82 BM |
158 | |
159 | =head1 EXAMPLES | |
160 | ||
161 | To create EC parameters with the group 'prime192v1': | |
162 | ||
627bd670 | 163 | openssl ecparam -out ec_param.pem -name prime192v1 |
2c789c82 BM |
164 | |
165 | To create EC parameters with explicit parameters: | |
166 | ||
627bd670 | 167 | openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit |
2c789c82 BM |
168 | |
169 | To validate given EC parameters: | |
170 | ||
627bd670 | 171 | openssl ecparam -in ec_param.pem -check |
2c789c82 BM |
172 | |
173 | To create EC parameters and a private key: | |
174 | ||
627bd670 | 175 | openssl ecparam -out ec_key.pem -name prime192v1 -genkey |
2c789c82 BM |
176 | |
177 | To change the point encoding to 'compressed': | |
178 | ||
627bd670 | 179 | openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed |
2c789c82 BM |
180 | |
181 | To print out the EC parameters to standard output: | |
182 | ||
627bd670 | 183 | openssl ecparam -in ec_param.pem -noout -text |
2c789c82 BM |
184 | |
185 | =head1 SEE ALSO | |
186 | ||
9b86974e | 187 | L<ec(1)>, L<dsaparam(1)> |
2c789c82 | 188 | |
e2f92610 RS |
189 | =head1 COPYRIGHT |
190 | ||
c4d3c19b | 191 | Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 192 | |
449040b4 | 193 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
194 | this file except in compliance with the License. You can obtain a copy |
195 | in the file LICENSE in the source distribution or at | |
196 | L<https://www.openssl.org/source/license.html>. | |
197 | ||
198 | =cut |