=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/openssl.1,v retrieving revision 1.47 retrieving revision 1.48 diff -c -r1.47 -r1.48 *** src/usr.bin/openssl/openssl.1 2016/08/09 17:07:33 1.47 --- src/usr.bin/openssl/openssl.1 2016/08/10 17:41:08 1.48 *************** *** 1,4 **** ! .\" $OpenBSD: openssl.1,v 1.47 2016/08/09 17:07:33 jmc Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" --- 1,4 ---- ! .\" $OpenBSD: openssl.1,v 1.48 2016/08/10 17:41:08 jmc Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" *************** *** 112,118 **** .\" .\" OPENSSL .\" ! .Dd $Mdocdate: August 9 2016 $ .Dt OPENSSL 1 .Os .Sh NAME --- 112,118 ---- .\" .\" OPENSSL .\" ! .Dd $Mdocdate: August 10 2016 $ .Dt OPENSSL 1 .Os .Sh NAME *************** *** 1015,1021 **** .It Fl outform Cm der | pem The output format. .It Fl text ! Print out the CRL in text form. .El .Sh CRL2PKCS7 .nr nS 1 --- 1015,1021 ---- .It Fl outform Cm der | pem The output format. .It Fl text ! Print the CRL in text form. .El .Sh CRL2PKCS7 .nr nS 1 *************** *** 1093,1101 **** .It Fl binary Output the digest or signature in binary form. .It Fl c ! Print out the digest in two-digit groups separated by colons. .It Fl d ! Print out BIO debugging information. .It Fl Ar digest Use the specified message .Ar digest . --- 1093,1101 ---- .It Fl binary Output the digest or signature in binary form. .It Fl c ! Print the digest in two-digit groups separated by colons. .It Fl d ! Print BIO debugging information. .It Fl Ar digest Use the specified message .Ar digest . *************** *** 1246,1252 **** .It Fl outform Cm der | pem The output format. .It Fl text ! Print out the DH parameters in human readable form. .It Ar numbits Generate a parameter set of size .Ar numbits . --- 1246,1252 ---- .It Fl outform Cm der | pem The output format. .It Fl text ! Print the DH parameters in human readable form. .It Ar numbits Generate a parameter set of size .Ar numbits . *************** *** 1361,1367 **** With this option a public key will be output instead. This option is automatically set if the input is a public key. .It Fl text ! Print out the public/private key components and parameters. .El .Sh DSAPARAM .nr nS 1 --- 1361,1367 ---- With this option a public key will be output instead. This option is automatically set if the input is a public key. .It Fl text ! Print the public/private key components and parameters. .El .Sh DSAPARAM .nr nS 1 *************** *** 1519,1526 **** uses the SubjectPublicKeyInfo structure as specified in RFC 3280. .Cm pem is the default format: ! it consists of the DER format base64 ! encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted. .It Fl noout --- 1519,1526 ---- uses the SubjectPublicKeyInfo structure as specified in RFC 3280. .Cm pem is the default format: ! it consists of the DER format base64-encoded ! with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted. .It Fl noout *************** *** 1558,1597 **** with this option a public key is output instead. This option is automatically set if the input is a public key. .It Fl text ! Print out the public/private key components and parameters. .El - .\" - .\" ECPARAM - .\" .Sh ECPARAM .nr nS 1 .Nm "openssl ecparam" - .Bk -words .Op Fl C .Op Fl check .Op Fl conv_form Ar arg .Op Fl genkey .Op Fl in Ar file ! .Op Fl inform Ar DER | PEM .Op Fl list_curves .Op Fl name Ar arg .Op Fl no_seed .Op Fl noout .Op Fl out Ar file ! .Op Fl outform Ar DER | PEM .Op Fl param_enc Ar arg .Op Fl text - .Ek .nr nS 0 .Pp ! This command is used to manipulate or generate EC parameter files. .Pp The options are as follows: .Bl -tag -width Ds .It Fl C Convert the EC parameters into C code. The parameters can then be loaded by calling the ! .Fn get_ec_group_XXX function. .It Fl check Validate the elliptic curve parameters. --- 1558,1604 ---- with this option a public key is output instead. This option is automatically set if the input is a public key. .It Fl text ! Print the public/private key components and parameters. .El .Sh ECPARAM .nr nS 1 .Nm "openssl ecparam" .Op Fl C .Op Fl check .Op Fl conv_form Ar arg .Op Fl genkey .Op Fl in Ar file ! .Op Fl inform Cm der | pem .Op Fl list_curves .Op Fl name Ar arg .Op Fl no_seed .Op Fl noout .Op Fl out Ar file ! .Op Fl outform Cm der | pem .Op Fl param_enc Ar arg .Op Fl text .nr nS 0 .Pp ! The ! .Nm ecparam ! command is used to manipulate or generate EC parameter files. ! .Nm openssl ! is not able to generate new groups so ! .Nm ecparam ! can only create EC parameters from known (named) curves. .Pp + PEM format EC parameters use the header and footer lines: + .Bd -literal -offset indent + -----BEGIN EC PARAMETERS----- + -----END EC PARAMETERS----- + .Ed + .Pp The options are as follows: .Bl -tag -width Ds .It Fl C Convert the EC parameters into C code. The parameters can then be loaded by calling the ! .No get_ec_group_ Ns Ar XXX function. .It Fl check Validate the elliptic curve parameters. *************** *** 1600,1656 **** into octet strings. Possible values are: .Cm compressed ! (the default value), .Cm uncompressed , and .Cm hybrid . For more information regarding ! the point conversion forms please read the X9.62 standard. Note: Due to patent issues the .Cm compressed option is disabled by default for binary curves and can be enabled by defining the preprocessor macro ! .Ar OPENSSL_EC_BIN_PT_COMP at compile time. .It Fl genkey Generate an EC private key using the specified parameters. .It Fl in Ar file ! Specify the input filename to read parameters from or standard input if ! this option is not specified. ! .It Fl inform Ar DER | PEM ! Specify the input format. ! DER uses an ASN.1 DER-encoded form compatible with RFC 3279 EcpkParameters. ! PEM is the default format: ! it consists of the DER format base64 encoded with additional header and footer lines. .It Fl list_curves ! Print out a list of all currently implemented EC parameter names and exit. .It Fl name Ar arg ! Use the EC parameters with the specified 'short' name. ! Use ! .Fl list_curves ! to get a list of all currently implemented EC parameters. .It Fl no_seed ! Inhibit that the 'seed' for the parameter generation ! is included in the ECParameters structure (see RFC 3279). .It Fl noout ! Inhibit the output of the encoded version of the parameters. .It Fl out Ar file ! Specify the output filename parameters are written to. ! Standard output is used if this option is not present. ! The output filename should ! .Em not ! be the same as the input filename. ! .It Fl outform Ar DER | PEM ! Specify the output format; ! the parameters have the same meaning as the ! .Fl inform ! option. .It Fl param_enc Ar arg ! This specifies how the elliptic curve parameters are encoded. Possible value are: .Cm named_curve , i.e. the EC parameters are specified by an OID, or --- 1607,1656 ---- into octet strings. Possible values are: .Cm compressed ! (the default), .Cm uncompressed , and .Cm hybrid . For more information regarding ! the point conversion forms see the X9.62 standard. Note: Due to patent issues the .Cm compressed option is disabled by default for binary curves and can be enabled by defining the preprocessor macro ! .Dv OPENSSL_EC_BIN_PT_COMP at compile time. .It Fl genkey Generate an EC private key using the specified parameters. .It Fl in Ar file ! The input file to read from, ! or standard input if not specified. ! .It Fl inform Cm der | pem ! The input format. ! .Cm der ! uses an ASN.1 DER-encoded form compatible with RFC 3279 EcpkParameters. ! .Cm pem ! is the default format: ! it consists of the DER format base64-encoded with additional header and footer lines. .It Fl list_curves ! Print a list of all currently implemented EC parameter names and exit. .It Fl name Ar arg ! Use the EC parameters with the specified "short" name. .It Fl no_seed ! Do not include the seed for the parameter generation ! in the ECParameters structure (see RFC 3279). .It Fl noout ! Do not output the encoded version of the parameters. .It Fl out Ar file ! The output file to write to, ! or standard output if not specified. ! .It Fl outform Cm der | pem ! The output format. .It Fl param_enc Ar arg ! Specify how the elliptic curve parameters are encoded. Possible value are: .Cm named_curve , i.e. the EC parameters are specified by an OID, or *************** *** 1662,1723 **** Note: the .Cm implicitlyCA alternative, as specified in RFC 3279, ! is currently not implemented in ! .Nm OpenSSL . .It Fl text ! Print out the EC parameters in human readable form. .El - .Sh ECPARAM NOTES - PEM format EC parameters use the header and footer lines: - .Bd -literal -offset indent - -----BEGIN EC PARAMETERS----- - -----END EC PARAMETERS----- - .Ed - .Pp - .Nm OpenSSL - is currently not able to generate new groups and therefore - .Nm ecparam - can only create EC parameters from known (named) curves. - .Sh ECPARAM EXAMPLES - To create EC parameters with the group 'prime192v1': - .Bd -literal -offset indent - $ openssl ecparam -out ec_param.pem -name prime192v1 - .Ed - .Pp - To create EC parameters with explicit parameters: - .Bd -literal -offset indent - $ openssl ecparam -out ec_param.pem -name prime192v1 \e - -param_enc explicit - .Ed - .Pp - To validate given EC parameters: - .Bd -literal -offset indent - $ openssl ecparam -in ec_param.pem -check - .Ed - .Pp - To create EC parameters and a private key: - .Bd -literal -offset indent - $ openssl ecparam -out ec_key.pem -name prime192v1 -genkey - .Ed - .Pp - To change the point encoding to 'compressed': - .Bd -literal -offset indent - $ openssl ecparam -in ec_in.pem -out ec_out.pem \e - -conv_form compressed - .Ed - .Pp - To print out the EC parameters to standard output: - .Bd -literal -offset indent - $ openssl ecparam -in ec_param.pem -noout -text - .Ed - .Sh ECPARAM HISTORY - The - .Nm ecparam - command was first introduced in - .Nm OpenSSL - 0.9.8. - .Sh ECPARAM AUTHORS - .An Nils Larsch . .\" .\" ENC .\" --- 1662,1671 ---- Note: the .Cm implicitlyCA alternative, as specified in RFC 3279, ! is currently not implemented. .It Fl text ! Print the EC parameters in human readable form. .El .\" .\" ENC .\"