| version 1.46, 2016/08/08 18:13:51 |
version 1.47, 2016/08/09 17:07:33 |
|
|
| .Ar numbits . |
.Ar numbits . |
| If this option is included, the input file is ignored. |
If this option is included, the input file is ignored. |
| .El |
.El |
| .\" |
|
| .\" EC |
|
| .\" |
|
| .Sh EC |
.Sh EC |
| .nr nS 1 |
.nr nS 1 |
| .Nm "openssl ec" |
.Nm "openssl ec" |
| .Bk -words |
|
| .Op Fl conv_form Ar arg |
.Op Fl conv_form Ar arg |
| .Op Fl des |
.Op Fl des |
| .Op Fl des3 |
.Op Fl des3 |
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Cm der | pem |
| .Op Fl noout |
.Op Fl noout |
| .Op Fl out Ar file |
.Op Fl out Ar file |
| .Op Fl outform Ar DER | PEM |
.Op Fl outform Cm der | pem |
| .Op Fl param_enc Ar arg |
.Op Fl param_enc Ar arg |
| .Op Fl param_out |
.Op Fl param_out |
| .Op Fl passin Ar arg |
.Op Fl passin Ar arg |
|
|
| .Op Fl pubin |
.Op Fl pubin |
| .Op Fl pubout |
.Op Fl pubout |
| .Op Fl text |
.Op Fl text |
| .Ek |
|
| .nr nS 0 |
.nr nS 0 |
| .Pp |
.Pp |
| The |
The |
|
|
| command processes EC keys. |
command processes EC keys. |
| They can be converted between various |
They can be converted between various |
| forms and their components printed out. |
forms and their components printed out. |
| Note: |
.Nm openssl |
| .Nm OpenSSL |
|
| uses the private key format specified in |
uses the private key format specified in |
| .Dq SEC 1: Elliptic Curve Cryptography |
.Dq SEC 1: Elliptic Curve Cryptography |
| .Pq Lk http://www.secg.org/ . |
.Pq Lk http://www.secg.org/ . |
| To convert an |
To convert an |
| .Nm OpenSSL |
|
| EC private key into the PKCS#8 private key format use the |
EC private key into the PKCS#8 private key format use the |
| .Nm pkcs8 |
.Nm pkcs8 |
| command. |
command. |
| .Pp |
.Pp |
| |
The PEM private key format uses the header and footer lines: |
| |
.Bd -literal -offset indent |
| |
-----BEGIN EC PRIVATE KEY----- |
| |
-----END EC PRIVATE KEY----- |
| |
.Ed |
| |
.Pp |
| |
The PEM public key format uses the header and footer lines: |
| |
.Bd -literal -offset indent |
| |
-----BEGIN PUBLIC KEY----- |
| |
-----END PUBLIC KEY----- |
| |
.Ed |
| |
.Pp |
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Fl conv_form Ar arg |
.It Fl conv_form Ar arg |
| This specifies how the points on the elliptic curve are converted |
Specify how the points on the elliptic curve are converted |
| into octet strings. |
into octet strings. |
| Possible values are: |
Possible values are: |
| .Cm compressed |
.Cm compressed |
| (the default value), |
(the default), |
| .Cm uncompressed , |
.Cm uncompressed , |
| and |
and |
| .Cm hybrid . |
.Cm hybrid . |
| For more information regarding |
For more information regarding |
| the point conversion forms please read the X9.62 standard. |
the point conversion forms see the X9.62 standard. |
| Note: |
Note: |
| Due to patent issues the |
Due to patent issues the |
| .Cm compressed |
.Cm compressed |
| option is disabled by default for binary curves |
option is disabled by default for binary curves |
| and can be enabled by defining the preprocessor macro |
and can be enabled by defining the preprocessor macro |
| .Ar OPENSSL_EC_BIN_PT_COMP |
.Dv OPENSSL_EC_BIN_PT_COMP |
| at compile time. |
at compile time. |
| .It Fl des | des3 |
.It Fl des | des3 |
| These options encrypt the private key with the DES, triple DES, or |
Encrypt the private key with DES, triple DES, or |
| any other cipher supported by |
any other cipher supported by |
| .Nm OpenSSL |
.Nm openssl . |
| before outputting it. |
|
| A pass phrase is prompted for. |
A pass phrase is prompted for. |
| If none of these options is specified the key is written in plain text. |
If none of these options is specified the key is written in plain text. |
| This means that using the |
This means that using the |
|
|
| it can be use to add or change the pass phrase. |
it can be use to add or change the pass phrase. |
| These options can only be used with PEM format output files. |
These options can only be used with PEM format output files. |
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input filename to read a key from, |
The input file to read a key from, |
| or standard input if this option is not specified. |
or standard input if not specified. |
| If the key is encrypted a pass phrase will be prompted for. |
If the key is encrypted a pass phrase will be prompted for. |
| .It Fl inform Ar DER | PEM |
.It Fl inform Cm der | pem |
| This specifies the input format. |
The input format. |
| DER with a private key uses |
.Cm der |
| |
with a private key uses |
| an ASN.1 DER-encoded SEC1 private key. |
an ASN.1 DER-encoded SEC1 private key. |
| When used with a public key it |
When used with a public key it |
| uses the SubjectPublicKeyInfo structure as specified in RFC 3280. |
uses the SubjectPublicKeyInfo structure as specified in RFC 3280. |
| PEM is the default format: |
.Cm pem |
| |
is the default format: |
| it consists of the DER format base64 |
it consists of the DER format base64 |
| encoded with additional header and footer lines. |
encoded with additional header and footer lines. |
| In the case of a private key |
In the case of a private key |
| PKCS#8 format is also accepted. |
PKCS#8 format is also accepted. |
| .It Fl noout |
.It Fl noout |
| Prevents output of the encoded version of the key. |
Do not output the encoded version of the key. |
| .It Fl out Ar file |
.It Fl out Ar file |
| Specifies the output filename to write a key to, |
The output filename to write to, |
| or standard output if none is specified. |
or standard output if not specified. |
| If any encryption options are set then a pass phrase will be prompted for. |
If any encryption options are set then a pass phrase will be prompted for. |
| The output filename should |
.It Fl outform Cm der | pem |
| .Em not |
The output format. |
| be the same as the input filename. |
|
| .It Fl outform Ar DER | PEM |
|
| This specifies the output format. |
|
| The options have the same meaning as the |
|
| .Fl inform |
|
| option. |
|
| .It Fl param_enc Ar arg |
.It Fl param_enc Ar arg |
| This specifies how the elliptic curve parameters are encoded. |
Specify how the elliptic curve parameters are encoded. |
| Possible value are: |
Possible value are: |
| .Cm named_curve , |
.Cm named_curve , |
| i.e. the EC parameters are specified by an OID; or |
i.e. the EC parameters are specified by an OID; or |
|
|
| .Cm implicitlyCA |
.Cm implicitlyCA |
| alternative, |
alternative, |
| as specified in RFC 3279, |
as specified in RFC 3279, |
| is currently not implemented in |
is currently not implemented. |
| .Nm OpenSSL . |
|
| .It Fl passin Ar arg |
.It Fl passin Ar arg |
| The key password source. |
The key password source. |
| .It Fl passout Ar arg |
.It Fl passout Ar arg |
|
|
| with this option a public key is output instead. |
with this option a public key is output instead. |
| This option is automatically set if the input is a public key. |
This option is automatically set if the input is a public key. |
| .It Fl text |
.It Fl text |
| Prints out the public/private key components and parameters. |
Print out the public/private key components and parameters. |
| .El |
.El |
| .Sh EC NOTES |
|
| The PEM private key format uses the header and footer lines: |
|
| .Bd -literal -offset indent |
|
| -----BEGIN EC PRIVATE KEY----- |
|
| -----END EC PRIVATE KEY----- |
|
| .Ed |
|
| .Pp |
|
| The PEM public key format uses the header and footer lines: |
|
| .Bd -literal -offset indent |
|
| -----BEGIN PUBLIC KEY----- |
|
| -----END PUBLIC KEY----- |
|
| .Ed |
|
| .Sh EC EXAMPLES |
|
| To encrypt a private key using triple DES: |
|
| .Bd -literal -offset indent |
|
| $ openssl ec -in key.pem -des3 -out keyout.pem |
|
| .Ed |
|
| .Pp |
|
| To convert a private key from PEM to DER format: |
|
| .Bd -literal -offset indent |
|
| $ openssl ec -in key.pem -outform DER -out keyout.der |
|
| .Ed |
|
| .Pp |
|
| To print out the components of a private key to standard output: |
|
| .Bd -literal -offset indent |
|
| $ openssl ec -in key.pem -text -noout |
|
| .Ed |
|
| .Pp |
|
| To just output the public part of a private key: |
|
| .Bd -literal -offset indent |
|
| $ openssl ec -in key.pem -pubout -out pubkey.pem |
|
| .Ed |
|
| .Pp |
|
| To change the parameter encoding to |
|
| .Cm explicit : |
|
| .Bd -literal -offset indent |
|
| $ openssl ec -in key.pem -param_enc explicit -out keyout.pem |
|
| .Ed |
|
| .Pp |
|
| To change the point conversion form to |
|
| .Cm compressed : |
|
| .Bd -literal -offset indent |
|
| $ openssl ec -in key.pem -conv_form compressed -out keyout.pem |
|
| .Ed |
|
| .Sh EC HISTORY |
|
| The |
|
| .Nm ec |
|
| command was first introduced in |
|
| .Nm OpenSSL |
|
| 0.9.8. |
|
| .Sh EC AUTHORS |
|
| .An Nils Larsch . |
|
| .\" |
.\" |
| .\" ECPARAM |
.\" ECPARAM |
| .\" |
.\" |
![[BACK]](/icons/back.gif){kind=icon}
Return to openssl.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl