1160814Ssimon=pod
2160814Ssimon
3160814Ssimon=head1 NAME
4160814Ssimon
5160814Ssimonecparam - EC parameter manipulation and generation
6160814Ssimon
7160814Ssimon=head1 SYNOPSIS
8160814Ssimon
9160814SsimonB<openssl ecparam>
10160814Ssimon[B<-inform DER|PEM>]
11160814Ssimon[B<-outform DER|PEM>]
12160814Ssimon[B<-in filename>]
13160814Ssimon[B<-out filename>]
14160814Ssimon[B<-noout>]
15160814Ssimon[B<-text>]
16160814Ssimon[B<-C>]
17160814Ssimon[B<-check>]
18160814Ssimon[B<-name arg>]
19269686Sjkim[B<-list_curves>]
20160814Ssimon[B<-conv_form arg>]
21160814Ssimon[B<-param_enc arg>]
22160814Ssimon[B<-no_seed>]
23160814Ssimon[B<-rand file(s)>]
24160814Ssimon[B<-genkey>]
25160814Ssimon[B<-engine id>]
26160814Ssimon
27160814Ssimon=head1 DESCRIPTION
28160814Ssimon
29160814SsimonThis command is used to manipulate or generate EC parameter files.
30160814Ssimon
31160814Ssimon=head1 OPTIONS
32160814Ssimon
33160814Ssimon=over 4
34160814Ssimon
35160814Ssimon=item B<-inform DER|PEM>
36160814Ssimon
37160814SsimonThis specifies the input format. The B<DER> option uses an ASN.1 DER encoded
38160814Ssimonform compatible with RFC 3279 EcpkParameters. The PEM form is the default
39160814Ssimonformat: it consists of the B<DER> format base64 encoded with additional 
40160814Ssimonheader and footer lines.
41160814Ssimon
42160814Ssimon=item B<-outform DER|PEM>
43160814Ssimon
44160814SsimonThis specifies the output format, the options have the same meaning as the 
45160814SsimonB<-inform> option.
46160814Ssimon
47160814Ssimon=item B<-in filename>
48160814Ssimon
49160814SsimonThis specifies the input filename to read parameters from or standard input if
50160814Ssimonthis option is not specified.
51160814Ssimon
52160814Ssimon=item B<-out filename>
53160814Ssimon
54160814SsimonThis specifies the output filename parameters to. Standard output is used
55160814Ssimonif this option is not present. The output filename should B<not> be the same
56160814Ssimonas the input filename.
57160814Ssimon
58160814Ssimon=item B<-noout>
59160814Ssimon
60160814SsimonThis option inhibits the output of the encoded version of the parameters.
61160814Ssimon
62160814Ssimon=item B<-text>
63160814Ssimon
64160814SsimonThis option prints out the EC parameters in human readable form.
65160814Ssimon
66160814Ssimon=item B<-C>
67160814Ssimon
68160814SsimonThis option converts the EC parameters into C code. The parameters can then
69160814Ssimonbe loaded by calling the B<get_ec_group_XXX()> function.
70160814Ssimon
71160814Ssimon=item B<-check>
72160814Ssimon
73160814SsimonValidate the elliptic curve parameters.
74160814Ssimon
75160814Ssimon=item B<-name arg>
76160814Ssimon
77160814SsimonUse the EC parameters with the specified 'short' name. Use B<-list_curves>
78160814Ssimonto get a list of all currently implemented EC parameters.
79160814Ssimon
80160814Ssimon=item B<-list_curves>
81160814Ssimon
82160814SsimonIf this options is specified B<ecparam> will print out a list of all
83160814Ssimoncurrently implemented EC parameters names and exit.
84160814Ssimon
85160814Ssimon=item B<-conv_form>
86160814Ssimon
87160814SsimonThis specifies how the points on the elliptic curve are converted
88160814Ssimoninto octet strings. Possible values are: B<compressed> (the default
89160814Ssimonvalue), B<uncompressed> and B<hybrid>. For more information regarding
90160814Ssimonthe point conversion forms please read the X9.62 standard.
91160814SsimonB<Note> Due to patent issues the B<compressed> option is disabled
92160814Ssimonby default for binary curves and can be enabled by defining
93160814Ssimonthe preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
94160814Ssimon
95160814Ssimon=item B<-param_enc arg>
96160814Ssimon
97160814SsimonThis specifies how the elliptic curve parameters are encoded.
98160814SsimonPossible value are: B<named_curve>, i.e. the ec parameters are
99160814Ssimonspecified by a OID, or B<explicit> where the ec parameters are
100160814Ssimonexplicitly given (see RFC 3279 for the definition of the 
101160814SsimonEC parameters structures). The default value is B<named_curve>.
102160814SsimonB<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
103160814Ssimonis currently not implemented in OpenSSL.
104160814Ssimon
105160814Ssimon=item B<-no_seed>
106160814Ssimon
107160814SsimonThis option inhibits that the 'seed' for the parameter generation
108160814Ssimonis included in the ECParameters structure (see RFC 3279).
109160814Ssimon
110160814Ssimon=item B<-genkey>
111160814Ssimon
112160814SsimonThis option will generate a EC private key using the specified parameters.
113160814Ssimon
114160814Ssimon=item B<-rand file(s)>
115160814Ssimon
116160814Ssimona file or files containing random data used to seed the random number
117160814Ssimongenerator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
118160814SsimonMultiple files can be specified separated by a OS-dependent character.
119160814SsimonThe separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
120160814Ssimonall others.
121160814Ssimon
122160814Ssimon=item B<-engine id>
123160814Ssimon
124238405Sjkimspecifying an engine (by its unique B<id> string) will cause B<ecparam>
125160814Ssimonto attempt to obtain a functional reference to the specified engine,
126160814Ssimonthus initialising it if needed. The engine will then be set as the default
127160814Ssimonfor all available algorithms.
128160814Ssimon
129160814Ssimon=back
130160814Ssimon
131160814Ssimon=head1 NOTES
132160814Ssimon
133160814SsimonPEM format EC parameters use the header and footer lines:
134160814Ssimon
135160814Ssimon -----BEGIN EC PARAMETERS-----
136160814Ssimon -----END EC PARAMETERS-----
137160814Ssimon
138160814SsimonOpenSSL is currently not able to generate new groups and therefore
139160814SsimonB<ecparam> can only create EC parameters from known (named) curves. 
140160814Ssimon
141160814Ssimon=head1 EXAMPLES
142160814Ssimon
143160814SsimonTo create EC parameters with the group 'prime192v1':
144160814Ssimon
145160814Ssimon  openssl ecparam -out ec_param.pem -name prime192v1
146160814Ssimon
147160814SsimonTo create EC parameters with explicit parameters:
148160814Ssimon
149160814Ssimon  openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
150160814Ssimon
151160814SsimonTo validate given EC parameters:
152160814Ssimon
153160814Ssimon  openssl ecparam -in ec_param.pem -check
154160814Ssimon
155160814SsimonTo create EC parameters and a private key:
156160814Ssimon
157160814Ssimon  openssl ecparam -out ec_key.pem -name prime192v1 -genkey
158160814Ssimon
159160814SsimonTo change the point encoding to 'compressed':
160160814Ssimon
161160814Ssimon  openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
162160814Ssimon
163160814SsimonTo print out the EC parameters to standard output:
164160814Ssimon
165160814Ssimon  openssl ecparam -in ec_param.pem -noout -text
166160814Ssimon
167160814Ssimon=head1 SEE ALSO
168160814Ssimon
169160814SsimonL<ec(1)|ec(1)>, L<dsaparam(1)|dsaparam(1)>
170160814Ssimon
171160814Ssimon=head1 HISTORY
172160814Ssimon
173160814SsimonThe ecparam command was first introduced in OpenSSL 0.9.8.
174160814Ssimon
175160814Ssimon=head1 AUTHOR
176160814Ssimon
177160814SsimonNils Larsch for the OpenSSL project (http://www.openssl.org)
178160814Ssimon
179160814Ssimon=cut
180