ecparam.pod revision 279264
11556Srgrimes=pod 21556Srgrimes 31556Srgrimes=head1 NAME 41556Srgrimes 51556Srgrimesecparam - EC parameter manipulation and generation 61556Srgrimes 71556Srgrimes=head1 SYNOPSIS 81556Srgrimes 91556SrgrimesB<openssl ecparam> 101556Srgrimes[B<-inform DER|PEM>] 111556Srgrimes[B<-outform DER|PEM>] 121556Srgrimes[B<-in filename>] 131556Srgrimes[B<-out filename>] 141556Srgrimes[B<-noout>] 151556Srgrimes[B<-text>] 161556Srgrimes[B<-C>] 171556Srgrimes[B<-check>] 181556Srgrimes[B<-name arg>] 191556Srgrimes[B<-list_curves>] 201556Srgrimes[B<-conv_form arg>] 211556Srgrimes[B<-param_enc arg>] 221556Srgrimes[B<-no_seed>] 231556Srgrimes[B<-rand file(s)>] 241556Srgrimes[B<-genkey>] 251556Srgrimes[B<-engine id>] 261556Srgrimes 271556Srgrimes=head1 DESCRIPTION 281556Srgrimes 291556SrgrimesThis command is used to manipulate or generate EC parameter files. 301556Srgrimes 311556Srgrimes=head1 OPTIONS 321556Srgrimes 3390153Smarkm=over 4 341556Srgrimes 3527967Ssteve=item B<-inform DER|PEM> 3690153Smarkm 3727967SsteveThis specifies the input format. The B<DER> option uses an ASN.1 DER encoded 3899109Sobrienform compatible with RFC 3279 EcpkParameters. The PEM form is the default 3999109Sobrienformat: it consists of the B<DER> format base64 encoded with additional 401556Srgrimesheader and footer lines. 411556Srgrimes 421556Srgrimes=item B<-outform DER|PEM> 43106371Stjr 441556SrgrimesThis specifies the output format, the options have the same meaning as the 451556SrgrimesB<-inform> option. 461556Srgrimes 471556Srgrimes=item B<-in filename> 4874566Sache 49129719SpjdThis specifies the input filename to read parameters from or standard input if 501556Srgrimesthis option is not specified. 511556Srgrimes 521556Srgrimes=item B<-out filename> 5391212Sbde 541556SrgrimesThis specifies the output filename parameters to. Standard output is used 5561294Sacheif this option is not present. The output filename should B<not> be the same 5661294Sacheas the input filename. 5761294Sache 5861294Sache=item B<-noout> 5961294Sache 601556SrgrimesThis option inhibits the output of the encoded version of the parameters. 611556Srgrimes 621556Srgrimes=item B<-text> 631556Srgrimes 64114583SmarkmThis option prints out the EC parameters in human readable form. 65105780Smarkm 6690110Simp=item B<-C> 6790110Simp 6890110SimpThis option converts the EC parameters into C code. The parameters can then 6961321Sachebe loaded by calling the B<get_ec_group_XXX()> function. 7090110Simp 7190110Simp=item B<-check> 7261321Sache 73114583SmarkmValidate the elliptic curve parameters. 741556Srgrimes 751556Srgrimes=item B<-name arg> 761556Srgrimes 7761268SjoeUse the EC parameters with the specified 'short' name. Use B<-list_curves> 7861178Sjoeto get a list of all currently implemented EC parameters. 7961178Sjoe 8088602Sjoe=item B<-list_curves> 8188602Sjoe 8288602SjoeIf this options is specified B<ecparam> will print out a list of all 8388602Sjoecurrently implemented EC parameters names and exit. 8488602Sjoe 8588602Sjoe=item B<-conv_form> 8688602Sjoe 8788602SjoeThis specifies how the points on the elliptic curve are converted 8888602Sjoeinto octet strings. Possible values are: B<compressed> (the default 8988602Sjoevalue), B<uncompressed> and B<hybrid>. For more information regarding 9088602Sjoethe point conversion forms please read the X9.62 standard. 9188602SjoeB<Note> Due to patent issues the B<compressed> option is disabled 9288602Sjoeby default for binary curves and can be enabled by defining 9388602Sjoethe preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time. 9488586Sjoe 9561178Sjoe=item B<-param_enc arg> 9690150Smarkm 9761178SjoeThis specifies how the elliptic curve parameters are encoded. 9888583SjoePossible value are: B<named_curve>, i.e. the ec parameters are 9988583Sjoespecified by a OID, or B<explicit> where the ec parameters are 10088586Sjoeexplicitly given (see RFC 3279 for the definition of the 10188586SjoeEC parameters structures). The default value is B<named_curve>. 10288583SjoeB<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279, 10361268Sjoeis currently not implemented in OpenSSL. 10461178Sjoe 1051556Srgrimes=item B<-no_seed> 106114583Smarkm 1071556SrgrimesThis option inhibits that the 'seed' for the parameter generation 10888594Sjoeis included in the ECParameters structure (see RFC 3279). 1091556Srgrimes 1101556Srgrimes=item B<-genkey> 1111556Srgrimes 1121556SrgrimesThis option will generate a EC private key using the specified parameters. 1131556Srgrimes 1141556Srgrimes=item B<-rand file(s)> 1151556Srgrimes 1161556Srgrimesa file or files containing random data used to seed the random number 1171556Srgrimesgenerator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 11862597SassarMultiple files can be specified separated by a OS-dependent character. 11962597SassarThe separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 12062597Sassarall others. 121105390Stjr 12290110Simp=item B<-engine id> 12362597Sassar 12462597Sassarspecifying an engine (by its unique B<id> string) will cause B<ecparam> 12562597Sassarto attempt to obtain a functional reference to the specified engine, 12662597Sassarthus initialising it if needed. The engine will then be set as the default 12762597Sassarfor all available algorithms. 12862597Sassar 129128823Stjr=back 13062597Sassar 13162597Sassar=head1 NOTES 1321556Srgrimes 133114583SmarkmPEM format EC parameters use the header and footer lines: 1341556Srgrimes 1351556Srgrimes -----BEGIN EC PARAMETERS----- 13688594Sjoe -----END EC PARAMETERS----- 13788594Sjoe 13888594SjoeOpenSSL is currently not able to generate new groups and therefore 13961292SacheB<ecparam> can only create EC parameters from known (named) curves. 14088594Sjoe 14161292Sache=head1 EXAMPLES 142106371Stjr 143106371StjrTo create EC parameters with the group 'prime192v1': 1441556Srgrimes 1451556Srgrimes openssl ecparam -out ec_param.pem -name prime192v1 1461556Srgrimes 1471556SrgrimesTo create EC parameters with explicit parameters: 148106371Stjr 149106371Stjr openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit 1501556Srgrimes 1511556SrgrimesTo validate given EC parameters: 1521556Srgrimes 1531556Srgrimes openssl ecparam -in ec_param.pem -check 1541556Srgrimes 15520417SsteveTo create EC parameters and a private key: 1561556Srgrimes 157114583Smarkm openssl ecparam -out ec_key.pem -name prime192v1 -genkey 1581556Srgrimes 15990150SmarkmTo change the point encoding to 'compressed': 160106371Stjr 161106371Stjr openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed 162106371Stjr 163106371StjrTo print out the EC parameters to standard output: 164106371Stjr 165106371Stjr openssl ecparam -in ec_param.pem -noout -text 166106371Stjr 167106371Stjr=head1 SEE ALSO 1681556Srgrimes 1691556SrgrimesL<ec(1)|ec(1)>, L<dsaparam(1)|dsaparam(1)> 1701556Srgrimes 1711556Srgrimes=head1 HISTORY 1721556Srgrimes 1731556SrgrimesThe ecparam command was first introduced in OpenSSL 0.9.8. 174105832Srwatson 175105832Srwatson=head1 AUTHOR 1761556Srgrimes 17755514SbdeNils Larsch for the OpenSSL project (http://www.openssl.org) 17813120Sjoerg 17955514Sbde=cut 18055514Sbde