version 1.46, 2016/08/08 18:13:51 |
version 1.47, 2016/08/09 17:07:33 |
|
|
.Ar numbits . |
.Ar numbits . |
If this option is included, the input file is ignored. |
If this option is included, the input file is ignored. |
.El |
.El |
.\" |
|
.\" EC |
|
.\" |
|
.Sh EC |
.Sh EC |
.nr nS 1 |
.nr nS 1 |
.Nm "openssl ec" |
.Nm "openssl ec" |
.Bk -words |
|
.Op Fl conv_form Ar arg |
.Op Fl conv_form Ar arg |
.Op Fl des |
.Op Fl des |
.Op Fl des3 |
.Op Fl des3 |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Cm der | pem |
.Op Fl noout |
.Op Fl noout |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl outform Ar DER | PEM |
.Op Fl outform Cm der | pem |
.Op Fl param_enc Ar arg |
.Op Fl param_enc Ar arg |
.Op Fl param_out |
.Op Fl param_out |
.Op Fl passin Ar arg |
.Op Fl passin Ar arg |
|
|
.Op Fl pubin |
.Op Fl pubin |
.Op Fl pubout |
.Op Fl pubout |
.Op Fl text |
.Op Fl text |
.Ek |
|
.nr nS 0 |
.nr nS 0 |
.Pp |
.Pp |
The |
The |
|
|
command processes EC keys. |
command processes EC keys. |
They can be converted between various |
They can be converted between various |
forms and their components printed out. |
forms and their components printed out. |
Note: |
.Nm openssl |
.Nm OpenSSL |
|
uses the private key format specified in |
uses the private key format specified in |
.Dq SEC 1: Elliptic Curve Cryptography |
.Dq SEC 1: Elliptic Curve Cryptography |
.Pq Lk http://www.secg.org/ . |
.Pq Lk http://www.secg.org/ . |
To convert an |
To convert an |
.Nm OpenSSL |
|
EC private key into the PKCS#8 private key format use the |
EC private key into the PKCS#8 private key format use the |
.Nm pkcs8 |
.Nm pkcs8 |
command. |
command. |
.Pp |
.Pp |
|
The PEM private key format uses the header and footer lines: |
|
.Bd -literal -offset indent |
|
-----BEGIN EC PRIVATE KEY----- |
|
-----END EC PRIVATE KEY----- |
|
.Ed |
|
.Pp |
|
The PEM public key format uses the header and footer lines: |
|
.Bd -literal -offset indent |
|
-----BEGIN PUBLIC KEY----- |
|
-----END PUBLIC KEY----- |
|
.Ed |
|
.Pp |
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl conv_form Ar arg |
.It Fl conv_form Ar arg |
This specifies how the points on the elliptic curve are converted |
Specify how the points on the elliptic curve are converted |
into octet strings. |
into octet strings. |
Possible values are: |
Possible values are: |
.Cm compressed |
.Cm compressed |
(the default value), |
(the default), |
.Cm uncompressed , |
.Cm uncompressed , |
and |
and |
.Cm hybrid . |
.Cm hybrid . |
For more information regarding |
For more information regarding |
the point conversion forms please read the X9.62 standard. |
the point conversion forms see the X9.62 standard. |
Note: |
Note: |
Due to patent issues the |
Due to patent issues the |
.Cm compressed |
.Cm compressed |
option is disabled by default for binary curves |
option is disabled by default for binary curves |
and can be enabled by defining the preprocessor macro |
and can be enabled by defining the preprocessor macro |
.Ar OPENSSL_EC_BIN_PT_COMP |
.Dv OPENSSL_EC_BIN_PT_COMP |
at compile time. |
at compile time. |
.It Fl des | des3 |
.It Fl des | des3 |
These options encrypt the private key with the DES, triple DES, or |
Encrypt the private key with DES, triple DES, or |
any other cipher supported by |
any other cipher supported by |
.Nm OpenSSL |
.Nm openssl . |
before outputting it. |
|
A pass phrase is prompted for. |
A pass phrase is prompted for. |
If none of these options is specified the key is written in plain text. |
If none of these options is specified the key is written in plain text. |
This means that using the |
This means that using the |
|
|
it can be use to add or change the pass phrase. |
it can be use to add or change the pass phrase. |
These options can only be used with PEM format output files. |
These options can only be used with PEM format output files. |
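Review bot: the typo in "it can be use to add or change the pass phrase" is carried over unchanged onto the new side of the -des | des3 item; it should read "it can be used". Since this item is being reworded anyway, it would also be worth saying that single DES has only a 56-bit key and is a poor choice for protecting a private key, given that the text already points at "any other cipher supported by" openssl.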
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input filename to read a key from, |
The input file to read a key from, |
or standard input if this option is not specified. |
or standard input if not specified. |
If the key is encrypted a pass phrase will be prompted for. |
If the key is encrypted a pass phrase will be prompted for. |
.It Fl inform Ar DER | PEM |
.It Fl inform Cm der | pem |
This specifies the input format. |
The input format. |
DER with a private key uses |
.Cm der |
|
with a private key uses |
an ASN.1 DER-encoded SEC1 private key. |
an ASN.1 DER-encoded SEC1 private key. |
When used with a public key it |
When used with a public key it |
uses the SubjectPublicKeyInfo structure as specified in RFC 3280. |
uses the SubjectPublicKeyInfo structure as specified in RFC 3280. |
PEM is the default format: |
.Cm pem |
|
is the default format: |
it consists of the DER format base64 |
it consists of the DER format base64 |
encoded with additional header and footer lines. |
encoded with additional header and footer lines. |
In the case of a private key |
In the case of a private key |
PKCS#8 format is also accepted. |
PKCS#8 format is also accepted. |
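Review bot: the reworded -inform item still cites RFC 3280 for the SubjectPublicKeyInfo structure. RFC 3280 has been obsoleted by RFC 5280, so the reference should be updated in the same pass that touches this item.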
.It Fl noout |
.It Fl noout |
Prevents output of the encoded version of the key. |
Do not output the encoded version of the key. |
.It Fl out Ar file |
.It Fl out Ar file |
Specifies the output filename to write a key to, |
The output filename to write to, |
or standard output if none is specified. |
or standard output if not specified. |
If any encryption options are set then a pass phrase will be prompted for. |
If any encryption options are set then a pass phrase will be prompted for. |
The output filename should |
.It Fl outform Cm der | pem |
.Em not |
The output format. |
be the same as the input filename. |
|
.It Fl outform Ar DER | PEM |
|
This specifies the output format. |
|
The options have the same meaning as the |
|
.Fl inform |
|
option. |
|
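Review bot: the -out item should keep the caveat "The output filename should not be the same as the input filename"; the new side has no replacement for it, and it is the only place that tells the reader not to convert a key file in place. The new -outform text is also reduced to "The output format." with the cross-reference to -inform gone, so nothing says what der and pem mean for output; either restore the pointer to -inform or repeat the short description.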
.It Fl param_enc Ar arg |
.It Fl param_enc Ar arg |
This specifies how the elliptic curve parameters are encoded. |
Specify how the elliptic curve parameters are encoded. |
Possible value are: |
Possible value are: |
.Cm named_curve , |
.Cm named_curve , |
i.e. the EC parameters are specified by an OID; or |
i.e. the EC parameters are specified by an OID; or |
|
|
.Cm implicitlyCA |
.Cm implicitlyCA |
alternative, |
alternative, |
as specified in RFC 3279, |
as specified in RFC 3279, |
is currently not implemented in |
is currently not implemented. |
.Nm OpenSSL . |
|
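Review bot: "Possible value are:" in the -param_enc item is ungrammatical and is left untouched on the new side, although the sentence before it is reworded. It should read "Possible values are:", matching the wording already used in the -conv_form item.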
.It Fl passin Ar arg |
.It Fl passin Ar arg |
The key password source. |
The key password source. |
.It Fl passout Ar arg |
.It Fl passout Ar arg |
|
|
with this option a public key is output instead. |
with this option a public key is output instead. |
This option is automatically set if the input is a public key. |
This option is automatically set if the input is a public key. |
.It Fl text |
.It Fl text |
Prints out the public/private key components and parameters. |
Print out the public/private key components and parameters. |
.El |
.El |
.Sh EC NOTES |
|
The PEM private key format uses the header and footer lines: |
|
.Bd -literal -offset indent |
|
-----BEGIN EC PRIVATE KEY----- |
|
-----END EC PRIVATE KEY----- |
|
.Ed |
|
.Pp |
|
The PEM public key format uses the header and footer lines: |
|
.Bd -literal -offset indent |
|
-----BEGIN PUBLIC KEY----- |
|
-----END PUBLIC KEY----- |
|
.Ed |
|
.Sh EC EXAMPLES |
|
To encrypt a private key using triple DES: |
|
.Bd -literal -offset indent |
|
$ openssl ec -in key.pem -des3 -out keyout.pem |
|
.Ed |
|
.Pp |
|
To convert a private key from PEM to DER format: |
|
.Bd -literal -offset indent |
|
$ openssl ec -in key.pem -outform DER -out keyout.der |
|
.Ed |
|
.Pp |
|
To print out the components of a private key to standard output: |
|
.Bd -literal -offset indent |
|
$ openssl ec -in key.pem -text -noout |
|
.Ed |
|
.Pp |
|
To just output the public part of a private key: |
|
.Bd -literal -offset indent |
|
$ openssl ec -in key.pem -pubout -out pubkey.pem |
|
.Ed |
|
.Pp |
|
To change the parameter encoding to |
|
.Cm explicit : |
|
.Bd -literal -offset indent |
|
$ openssl ec -in key.pem -param_enc explicit -out keyout.pem |
|
.Ed |
|
.Pp |
|
To change the point conversion form to |
|
.Cm compressed : |
|
.Bd -literal -offset indent |
|
$ openssl ec -in key.pem -conv_form compressed -out keyout.pem |
|
.Ed |
|
.Sh EC HISTORY |
|
The |
|
.Nm ec |
|
command was first introduced in |
|
.Nm OpenSSL |
|
0.9.8. |
|
.Sh EC AUTHORS |
|
.An Nils Larsch . |
|
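Review bot: the EC EXAMPLES block on the old side has no counterpart on the new side anywhere in this diff, so the worked invocations for -des3, -pubout, -param_enc explicit and -conv_form compressed disappear from the page. Unless they have moved to another part of the file not shown here, keep at least the encryption and -pubout examples, since the option descriptions alone do not show a complete command line. The same applies to the EC HISTORY statement that the command was first introduced in OpenSSL 0.9.8, which is a fact the page no longer records.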
.\" |
.\" |
.\" ECPARAM |
.\" ECPARAM |
.\" |
.\" |