| version 1.44, 2016/08/03 06:43:21 |
version 1.45, 2016/08/05 08:12:12 |
|
|
| If this value is present, the input file is ignored and |
If this value is present, the input file is ignored and |
| parameters are generated instead. |
parameters are generated instead. |
| .El |
.El |
| .\" |
|
| .\" DSA |
|
| .\" |
|
| .Sh DSA |
.Sh DSA |
| .nr nS 1 |
.nr nS 1 |
| .Nm "openssl dsa" |
.Nm "openssl dsa" |
| .Bk -words |
|
| .Oo |
.Oo |
| .Fl aes128 | aes192 | aes256 | |
.Fl aes128 | aes192 | aes256 | |
| .Fl des | des3 |
.Fl des | des3 |
| .Oc |
.Oc |
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Cm der | pem |
| .Op Fl modulus |
.Op Fl modulus |
| .Op Fl noout |
.Op Fl noout |
| .Op Fl out Ar file |
.Op Fl out Ar file |
| .Op Fl outform Ar DER | PEM |
.Op Fl outform Cm der | pem |
| .Op Fl passin Ar arg |
.Op Fl passin Ar arg |
| .Op Fl passout Ar arg |
.Op Fl passout Ar arg |
| .Op Fl pubin |
.Op Fl pubin |
| .Op Fl pubout |
.Op Fl pubout |
| .Op Fl text |
.Op Fl text |
| .Ek |
|
| .nr nS 0 |
.nr nS 0 |
| .Pp |
.Pp |
| The |
The |
|
|
| .Nm pkcs8 |
.Nm pkcs8 |
| command. |
command. |
| .Pp |
.Pp |
| |
The PEM private key format uses the header and footer lines: |
| |
.Bd -unfilled -offset indent |
| |
-----BEGIN DSA PRIVATE KEY----- |
| |
-----END DSA PRIVATE KEY----- |
| |
.Ed |
| |
.Pp |
| |
The PEM public key format uses the header and footer lines: |
| |
.Bd -unfilled -offset indent |
| |
-----BEGIN PUBLIC KEY----- |
| |
-----END PUBLIC KEY----- |
| |
.Ed |
| |
.Pp |
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Xo |
.It Xo |
| .Fl aes128 | aes192 | aes256 | |
.Fl aes128 | aes192 | aes256 | |
| .Fl des | des3 |
.Fl des | des3 |
| .Xc |
.Xc |
| These options encrypt the private key with the AES, DES, or the triple DES |
Encrypt the private key with the AES, DES, or the triple DES |
| ciphers, respectively, before outputting it. |
ciphers, respectively, before outputting it. |
| A pass phrase is prompted for. |
A pass phrase is prompted for. |
| If none of these options is specified, the key is written in plain text. |
If none of these options are specified, the key is written in plain text. |
| This means that using the |
This means that using the |
| .Nm dsa |
.Nm dsa |
| utility to read in an encrypted key with no encryption option can be used to |
utility to read an encrypted key with no encryption option can be used to |
| remove the pass phrase from a key, |
remove the pass phrase from a key, |
| or by setting the encryption options it can be use to add or change |
or by setting the encryption options it can be used to add or change |
| the pass phrase. |
the pass phrase. |
| These options can only be used with PEM format output files. |
These options can only be used with PEM format output files. |
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input |
The input file to read from, |
| .Ar file |
or standard input if not specified. |
| to read a key from, or standard input if this option is not specified. |
|
| If the key is encrypted, a pass phrase will be prompted for. |
If the key is encrypted, a pass phrase will be prompted for. |
| .It Fl inform Ar DER | PEM |
.It Fl inform Cm der | pem |
| This specifies the input format. |
The input format. |
| The |
.Cm der |
| .Ar DER |
with a private key uses an ASN1 DER-encoded form of an ASN.1 |
| argument with a private key uses an ASN1 DER-encoded form of an ASN.1 |
|
| SEQUENCE consisting of the values of version |
SEQUENCE consisting of the values of version |
| .Pq currently zero , |
.Pq currently zero , |
| P, Q, G, |
P, Q, G, |
|
|
| .Em SubjectPublicKeyInfo |
.Em SubjectPublicKeyInfo |
| structure: it is an error if the key is not DSA. |
structure: it is an error if the key is not DSA. |
| .Pp |
.Pp |
| The |
.Cm pem |
| .Ar PEM |
is the default format: |
| form is the default format: |
|
| it consists of the DER format base64-encoded with additional header and footer |
it consists of the DER format base64-encoded with additional header and footer |
| lines. |
lines. |
| In the case of a private key, PKCS#8 format is also accepted. |
In the case of a private key, PKCS#8 format is also accepted. |
| .It Fl modulus |
.It Fl modulus |
| This option prints out the value of the public key component of the key. |
Print the value of the public key component of the key. |
| .It Fl noout |
.It Fl noout |
| This option prevents output of the encoded version of the key. |
Prevent output of the encoded version of the key. |
| .It Fl out Ar file |
.It Fl out Ar file |
| This specifies the output |
The output file to write to, |
| .Ar file |
or standard output if not specified. |
| to write a key to, or standard output if not specified. |
|
| If any encryption options are set then a pass phrase will be |
If any encryption options are set then a pass phrase will be |
| prompted for. |
prompted for. |
| The output filename should |
.It Fl outform Cm der | pem |
| .Em not |
The output format. |
| be the same as the input filename. |
|
| .It Fl outform Ar DER | PEM |
|
| This specifies the output format; the options have the same meaning as the |
|
| .Fl inform |
|
| option. |
|
| .It Fl passin Ar arg |
.It Fl passin Ar arg |
| The key password source. |
The key password source. |
| .It Fl passout Ar arg |
.It Fl passout Ar arg |
|
|
| With this option a public key will be output instead. |
With this option a public key will be output instead. |
| This option is automatically set if the input is a public key. |
This option is automatically set if the input is a public key. |
| .It Fl text |
.It Fl text |
| Prints out the public/private key components and parameters. |
Print out the public/private key components and parameters. |
| .El |
.El |
| .Sh DSA NOTES |
|
| The PEM private key format uses the header and footer lines: |
|
| .Bd -unfilled -offset indent |
|
| -----BEGIN DSA PRIVATE KEY----- |
|
| -----END DSA PRIVATE KEY----- |
|
| .Ed |
|
| .Pp |
|
| The PEM public key format uses the header and footer lines: |
|
| .Bd -unfilled -offset indent |
|
| -----BEGIN PUBLIC KEY----- |
|
| -----END PUBLIC KEY----- |
|
| .Ed |
|
| .Sh DSA EXAMPLES |
|
| To remove the pass phrase on a DSA private key: |
|
| .Pp |
|
| .Dl $ openssl dsa -in key.pem -out keyout.pem |
|
| .Pp |
|
| To encrypt a private key using triple DES: |
|
| .Pp |
|
| .Dl $ openssl dsa -in key.pem -des3 -out keyout.pem |
|
| .Pp |
|
| To convert a private key from PEM to DER format: |
|
| .Pp |
|
| .Dl $ openssl dsa -in key.pem -outform DER -out keyout.der |
|
| .Pp |
|
| To print out the components of a private key to standard output: |
|
| .Pp |
|
| .Dl $ openssl dsa -in key.pem -text -noout |
|
| .Pp |
|
| To just output the public part of a private key: |
|
| .Pp |
|
| .Dl $ openssl dsa -in key.pem -pubout -out pubkey.pem |
|
| .\" |
.\" |
| .\" DSAPARAM |
.\" DSAPARAM |
| .\" |
.\" |
![[BACK]](/icons/back.gif){kind=icon}
Return to openssl.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl