xref: /freebsd-10.0-release/crypto/openssl/doc/apps/ecparam.pod

=pod

=head1 NAME

ecparam - EC parameter manipulation and generation

=head1 SYNOPSIS

B<openssl ecparam>
[B<-inform DER|PEM>]
[B<-outform DER|PEM>]
[B<-in filename>]
[B<-out filename>]
[B<-noout>]
[B<-text>]
[B<-C>]
[B<-check>]
[B<-name arg>]
[B<-list_curves>]
[B<-conv_form arg>]
[B<-param_enc arg>]
[B<-no_seed>]
[B<-rand file(s)>]
[B<-genkey>]
[B<-engine id>]

=head1 DESCRIPTION

This command is used to manipulate or generate EC parameter files.

=head1 OPTIONS

=over 4

=item B<-inform DER|PEM>

This specifies the input format. The B<DER> option uses an ASN.1 DER encoded
form compatible with RFC 3279 EcpkParameters. The PEM form is the default
format: it consists of the B<DER> format base64 encoded with additional 
header and footer lines.

=item B<-outform DER|PEM>

This specifies the output format, the options have the same meaning as the 
B<-inform> option.

=item B<-in filename>

This specifies the input filename to read parameters from or standard input if
this option is not specified.

=item B<-out filename>

This specifies the output filename parameters to. Standard output is used
if this option is not present. The output filename should B<not> be the same
as the input filename.

=item B<-noout>

This option inhibits the output of the encoded version of the parameters.

=item B<-text>

This option prints out the EC parameters in human readable form.

=item B<-C>

This option converts the EC parameters into C code. The parameters can then
be loaded by calling the B<get_ec_group_XXX()> function.

=item B<-check>

Validate the elliptic curve parameters.

=item B<-name arg>

Use the EC parameters with the specified 'short' name. Use B<-list_curves>
to get a list of all currently implemented EC parameters.

=item B<-list_curves>

If this options is specified B<ecparam> will print out a list of all
currently implemented EC parameters names and exit.

=item B<-conv_form>

This specifies how the points on the elliptic curve are converted
into octet strings. Possible values are: B<compressed> (the default
value), B<uncompressed> and B<hybrid>. For more information regarding
the point conversion forms please read the X9.62 standard.
B<Note> Due to patent issues the B<compressed> option is disabled
by default for binary curves and can be enabled by defining
the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.

=item B<-param_enc arg>

This specifies how the elliptic curve parameters are encoded.
Possible value are: B<named_curve>, i.e. the ec parameters are
specified by a OID, or B<explicit> where the ec parameters are
explicitly given (see RFC 3279 for the definition of the 
EC parameters structures). The default value is B<named_curve>.
B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
is currently not implemented in OpenSSL.

=item B<-no_seed>

This option inhibits that the 'seed' for the parameter generation
is included in the ECParameters structure (see RFC 3279).

=item B<-genkey>

This option will generate a EC private key using the specified parameters.

=item B<-rand file(s)>

a file or files containing random data used to seed the random number
generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
Multiple files can be specified separated by a OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.

=item B<-engine id>

specifying an engine (by its unique B<id> string) will cause B<ecparam>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.

=back

=head1 NOTES

PEM format EC parameters use the header and footer lines:

 -----BEGIN EC PARAMETERS-----
 -----END EC PARAMETERS-----

OpenSSL is currently not able to generate new groups and therefore
B<ecparam> can only create EC parameters from known (named) curves. 

=head1 EXAMPLES

To create EC parameters with the group 'prime192v1':

  openssl ecparam -out ec_param.pem -name prime192v1

To create EC parameters with explicit parameters:

  openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit

To validate given EC parameters:

  openssl ecparam -in ec_param.pem -check

To create EC parameters and a private key:

  openssl ecparam -out ec_key.pem -name prime192v1 -genkey

To change the point encoding to 'compressed':

  openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed

To print out the EC parameters to standard output:

  openssl ecparam -in ec_param.pem -noout -text

=head1 SEE ALSO

L<ec(1)|ec(1)>, L<dsaparam(1)|dsaparam(1)>

=head1 HISTORY

The ecparam command was first introduced in OpenSSL 0.9.8.

=head1 AUTHOR

Nils Larsch for the OpenSSL project (http://www.openssl.org)

=cut