2
0

ecparam.pod 4.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179
  1. =pod
  2. =head1 NAME
  3. ecparam - EC parameter manipulation and generation
  4. =head1 SYNOPSIS
  5. B<openssl ecparam>
  6. [B<-inform DER|PEM>]
  7. [B<-outform DER|PEM>]
  8. [B<-in filename>]
  9. [B<-out filename>]
  10. [B<-noout>]
  11. [B<-text>]
  12. [B<-C>]
  13. [B<-check>]
  14. [B<-name arg>]
  15. [B<-list_curve>]
  16. [B<-conv_form arg>]
  17. [B<-param_enc arg>]
  18. [B<-no_seed>]
  19. [B<-rand file(s)>]
  20. [B<-genkey>]
  21. [B<-engine id>]
  22. =head1 DESCRIPTION
  23. This command is used to manipulate or generate EC parameter files.
  24. =head1 OPTIONS
  25. =over 4
  26. =item B<-inform DER|PEM>
  27. This specifies the input format. The B<DER> option uses an ASN.1 DER encoded
  28. form compatible with RFC 3279 EcpkParameters. The PEM form is the default
  29. format: it consists of the B<DER> format base64 encoded with additional
  30. header and footer lines.
  31. =item B<-outform DER|PEM>
  32. This specifies the output format, the options have the same meaning as the
  33. B<-inform> option.
  34. =item B<-in filename>
  35. This specifies the input filename to read parameters from or standard input if
  36. this option is not specified.
  37. =item B<-out filename>
  38. This specifies the output filename parameters to. Standard output is used
  39. if this option is not present. The output filename should B<not> be the same
  40. as the input filename.
  41. =item B<-noout>
  42. This option inhibits the output of the encoded version of the parameters.
  43. =item B<-text>
  44. This option prints out the EC parameters in human readable form.
  45. =item B<-C>
  46. This option converts the EC parameters into C code. The parameters can then
  47. be loaded by calling the B<get_ec_group_XXX()> function.
  48. =item B<-check>
  49. Validate the elliptic curve parameters.
  50. =item B<-name arg>
  51. Use the EC parameters with the specified 'short' name. Use B<-list_curves>
  52. to get a list of all currently implemented EC parameters.
  53. =item B<-list_curves>
  54. If this options is specified B<ecparam> will print out a list of all
  55. currently implemented EC parameters names and exit.
  56. =item B<-conv_form>
  57. This specifies how the points on the elliptic curve are converted
  58. into octet strings. Possible values are: B<compressed> (the default
  59. value), B<uncompressed> and B<hybrid>. For more information regarding
  60. the point conversion forms please read the X9.62 standard.
  61. B<Note> Due to patent issues the B<compressed> option is disabled
  62. by default for binary curves and can be enabled by defining
  63. the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
  64. =item B<-param_enc arg>
  65. This specifies how the elliptic curve parameters are encoded.
  66. Possible value are: B<named_curve>, i.e. the ec parameters are
  67. specified by a OID, or B<explicit> where the ec parameters are
  68. explicitly given (see RFC 3279 for the definition of the
  69. EC parameters structures). The default value is B<named_curve>.
  70. B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
  71. is currently not implemented in OpenSSL.
  72. =item B<-no_seed>
  73. This option inhibits that the 'seed' for the parameter generation
  74. is included in the ECParameters structure (see RFC 3279).
  75. =item B<-genkey>
  76. This option will generate a EC private key using the specified parameters.
  77. =item B<-rand file(s)>
  78. a file or files containing random data used to seed the random number
  79. generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
  80. Multiple files can be specified separated by a OS-dependent character.
  81. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
  82. all others.
  83. =item B<-engine id>
  84. specifying an engine (by its unique B<id> string) will cause B<ecparam>
  85. to attempt to obtain a functional reference to the specified engine,
  86. thus initialising it if needed. The engine will then be set as the default
  87. for all available algorithms.
  88. =back
  89. =head1 NOTES
  90. PEM format EC parameters use the header and footer lines:
  91. -----BEGIN EC PARAMETERS-----
  92. -----END EC PARAMETERS-----
  93. OpenSSL is currently not able to generate new groups and therefore
  94. B<ecparam> can only create EC parameters from known (named) curves.
  95. =head1 EXAMPLES
  96. To create EC parameters with the group 'prime192v1':
  97. openssl ecparam -out ec_param.pem -name prime192v1
  98. To create EC parameters with explicit parameters:
  99. openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
  100. To validate given EC parameters:
  101. openssl ecparam -in ec_param.pem -check
  102. To create EC parameters and a private key:
  103. openssl ecparam -out ec_key.pem -name prime192v1 -genkey
  104. To change the point encoding to 'compressed':
  105. openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
  106. To print out the EC parameters to standard output:
  107. openssl ecparam -in ec_param.pem -noout -text
  108. =head1 SEE ALSO
  109. L<ec(1)|ec(1)>, L<dsaparam(1)|dsaparam(1)>
  110. =head1 HISTORY
  111. The ecparam command was first introduced in OpenSSL 0.9.8.
  112. =head1 AUTHOR
  113. Nils Larsch for the OpenSSL project (http://www.openssl.org)
  114. =cut