1=pod 2 3=head1 NAME 4 5dsaparam - DSA parameter manipulation and generation 6 7=head1 SYNOPSIS 8 9B<openssl dsaparam> 10[B<-inform DER|PEM>] 11[B<-outform DER|PEM>] 12[B<-in filename>] 13[B<-out filename>] 14[B<-noout>] 15[B<-text>] 16[B<-C>] 17[B<-rand file(s)>] 18[B<-genkey>] 19[B<-engine id>] 20[B<numbits>] 21 22=head1 DESCRIPTION 23 24This command is used to manipulate or generate DSA parameter files. 25 26=head1 OPTIONS 27 28=over 4 29 30=item B<-inform DER|PEM> 31 32This specifies the input format. The B<DER> option uses an ASN1 DER encoded 33form compatible with RFC2459 (PKIX) DSS-Parms that is a SEQUENCE consisting 34of p, q and g respectively. The PEM form is the default format: it consists 35of the B<DER> format base64 encoded with additional header and footer lines. 36 37=item B<-outform DER|PEM> 38 39This specifies the output format, the options have the same meaning as the 40B<-inform> option. 41 42=item B<-in filename> 43 44This specifies the input filename to read parameters from or standard input if 45this option is not specified. If the B<numbits> parameter is included then 46this option will be ignored. 47 48=item B<-out filename> 49 50This specifies the output filename parameters to. Standard output is used 51if this option is not present. The output filename should B<not> be the same 52as the input filename. 53 54=item B<-noout> 55 56this option inhibits the output of the encoded version of the parameters. 57 58=item B<-text> 59 60this option prints out the DSA parameters in human readable form. 61 62=item B<-C> 63 64this option converts the parameters into C code. The parameters can then 65be loaded by calling the B<get_dsaXXX()> function. 66 67=item B<-genkey> 68 69this option will generate a DSA either using the specified or generated 70parameters. 71 72=item B<-rand file(s)> 73 74a file or files containing random data used to seed the random number 75generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 76Multiple files can be specified separated by a OS-dependent character. 77The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 78all others. 79 80=item B<numbits> 81 82this option specifies that a parameter set should be generated of size 83B<numbits>. It must be the last option. If this option is included then 84the input file (if any) is ignored. 85 86=item B<-engine id> 87 88specifying an engine (by its unique B<id> string) will cause B<dsaparam> 89to attempt to obtain a functional reference to the specified engine, 90thus initialising it if needed. The engine will then be set as the default 91for all available algorithms. 92 93=back 94 95=head1 NOTES 96 97PEM format DSA parameters use the header and footer lines: 98 99 -----BEGIN DSA PARAMETERS----- 100 -----END DSA PARAMETERS----- 101 102DSA parameter generation is a slow process and as a result the same set of 103DSA parameters is often used to generate several distinct keys. 104 105=head1 SEE ALSO 106 107L<gendsa(1)|gendsa(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, 108L<rsa(1)|rsa(1)> 109 110=cut 111