version 1.44, 2016/08/03 06:43:21 |
version 1.45, 2016/08/05 08:12:12 |
|
|
If this value is present, the input file is ignored and |
If this value is present, the input file is ignored and |
parameters are generated instead. |
parameters are generated instead. |
.El |
.El |
.\" |
|
.\" DSA |
|
.\" |
|
.Sh DSA |
.Sh DSA |
.nr nS 1 |
.nr nS 1 |
.Nm "openssl dsa" |
.Nm "openssl dsa" |
.Bk -words |
|
.Oo |
.Oo |
.Fl aes128 | aes192 | aes256 | |
.Fl aes128 | aes192 | aes256 | |
.Fl des | des3 |
.Fl des | des3 |
.Oc |
.Oc |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Cm der | pem |
.Op Fl modulus |
.Op Fl modulus |
.Op Fl noout |
.Op Fl noout |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl outform Ar DER | PEM |
.Op Fl outform Cm der | pem |
.Op Fl passin Ar arg |
.Op Fl passin Ar arg |
.Op Fl passout Ar arg |
.Op Fl passout Ar arg |
.Op Fl pubin |
.Op Fl pubin |
.Op Fl pubout |
.Op Fl pubout |
.Op Fl text |
.Op Fl text |
.Ek |
|
.nr nS 0 |
.nr nS 0 |
.Pp |
.Pp |
The |
The |
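Review bot: in the synopsis, the arguments of `-inform` and `-outform` change from `Ar DER | PEM` to `Cm der | pem`, so the documented keywords are now lowercase literals. Please confirm that the command accepts the lowercase spelling as well as the uppercase one the old text showed, or state in the option text that case does not matter. The `.Bk -words` / `.Ek` pair is also dropped from this block, so check the rendered synopsis to make sure an entry such as `[-inform der | pem]` is not split across lines.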
|
|
.Nm pkcs8 |
.Nm pkcs8 |
command. |
command. |
.Pp |
.Pp |
|
The PEM private key format uses the header and footer lines: |
|
.Bd -unfilled -offset indent |
|
-----BEGIN DSA PRIVATE KEY----- |
|
-----END DSA PRIVATE KEY----- |
|
.Ed |
|
.Pp |
|
The PEM public key format uses the header and footer lines: |
|
.Bd -unfilled -offset indent |
|
-----BEGIN PUBLIC KEY----- |
|
-----END PUBLIC KEY----- |
|
.Ed |
|
.Pp |
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Xo |
.It Xo |
.Fl aes128 | aes192 | aes256 | |
.Fl aes128 | aes192 | aes256 | |
.Fl des | des3 |
.Fl des | des3 |
.Xc |
.Xc |
These options encrypt the private key with the AES, DES, or the triple DES |
Encrypt the private key with the AES, DES, or the triple DES |
ciphers, respectively, before outputting it. |
ciphers, respectively, before outputting it. |
A pass phrase is prompted for. |
A pass phrase is prompted for. |
If none of these options is specified, the key is written in plain text. |
If none of these options are specified, the key is written in plain text. |
This means that using the |
This means that using the |
.Nm dsa |
.Nm dsa |
utility to read in an encrypted key with no encryption option can be used to |
utility to read an encrypted key with no encryption option can be used to |
remove the pass phrase from a key, |
remove the pass phrase from a key, |
or by setting the encryption options it can be use to add or change |
or by setting the encryption options it can be used to add or change |
the pass phrase. |
the pass phrase. |
These options can only be used with PEM format output files. |
These options can only be used with PEM format output files. |
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input |
The input file to read from, |
.Ar file |
or standard input if not specified. |
to read a key from, or standard input if this option is not specified. |
|
If the key is encrypted, a pass phrase will be prompted for. |
If the key is encrypted, a pass phrase will be prompted for. |
.It Fl inform Ar DER | PEM |
.It Fl inform Cm der | pem |
This specifies the input format. |
The input format. |
The |
.Cm der |
.Ar DER |
with a private key uses an ASN1 DER-encoded form of an ASN.1 |
argument with a private key uses an ASN1 DER-encoded form of an ASN.1 |
|
SEQUENCE consisting of the values of version |
SEQUENCE consisting of the values of version |
.Pq currently zero , |
.Pq currently zero , |
P, Q, G, |
P, Q, G, |
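Review bot: the encryption-option paragraph still carries the sentence "This means that using the dsa utility to read an encrypted key with no encryption option can be used to remove the pass phrase", where "using ... can be used" does not parse; the new side only changes "read in" to "read". This is the passage that tells the reader a private key is written unencrypted when no cipher option is given, so it is worth rewording in this cleanup, for example "Reading an encrypted key with no encryption option therefore removes the pass phrase; setting one adds or changes it." In the `-inform` text the new line also keeps "ASN1 DER-encoded form of an ASN.1 SEQUENCE"; pick one spelling.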
|
|
.Em SubjectPublicKeyInfo |
.Em SubjectPublicKeyInfo |
structure: it is an error if the key is not DSA. |
structure: it is an error if the key is not DSA. |
.Pp |
.Pp |
The |
.Cm pem |
.Ar PEM |
is the default format: |
form is the default format: |
|
it consists of the DER format base64-encoded with additional header and footer |
it consists of the DER format base64-encoded with additional header and footer |
lines. |
lines. |
In the case of a private key, PKCS#8 format is also accepted. |
In the case of a private key, PKCS#8 format is also accepted. |
.It Fl modulus |
.It Fl modulus |
This option prints out the value of the public key component of the key. |
Print the value of the public key component of the key. |
.It Fl noout |
.It Fl noout |
This option prevents output of the encoded version of the key. |
Prevent output of the encoded version of the key. |
.It Fl out Ar file |
.It Fl out Ar file |
This specifies the output |
The output file to write to, |
.Ar file |
or standard output if not specified. |
to write a key to, or standard output if not specified. |
|
If any encryption options are set then a pass phrase will be |
If any encryption options are set then a pass phrase will be |
prompted for. |
prompted for. |
The output filename should |
.It Fl outform Cm der | pem |
.Em not |
The output format. |
be the same as the input filename. |
|
.It Fl outform Ar DER | PEM |
|
This specifies the output format; the options have the same meaning as the |
|
.Fl inform |
|
option. |
|
.It Fl passin Ar arg |
.It Fl passin Ar arg |
The key password source. |
The key password source. |
.It Fl passout Ar arg |
.It Fl passout Ar arg |
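Review bot: under `-out`, the old sentence "The output filename should not be the same as the input filename." has no counterpart on the new side. It is the only caution in this entry about writing a key back over its own source file, so I would keep it after the pass phrase sentence rather than drop it in a wording cleanup. The `-outform` entry is likewise reduced to "The output format." and loses the pointer to `-inform`; a short "see `-inform`" would keep the reader from having to guess that the arguments mean the same thing.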
|
|
With this option a public key will be output instead. |
With this option a public key will be output instead. |
This option is automatically set if the input is a public key. |
This option is automatically set if the input is a public key. |
.It Fl text |
.It Fl text |
Prints out the public/private key components and parameters. |
Print out the public/private key components and parameters. |
.El |
.El |
.Sh DSA NOTES |
|
The PEM private key format uses the header and footer lines: |
|
.Bd -unfilled -offset indent |
|
-----BEGIN DSA PRIVATE KEY----- |
|
-----END DSA PRIVATE KEY----- |
|
.Ed |
|
.Pp |
|
The PEM public key format uses the header and footer lines: |
|
.Bd -unfilled -offset indent |
|
-----BEGIN PUBLIC KEY----- |
|
-----END PUBLIC KEY----- |
|
.Ed |
|
.Sh DSA EXAMPLES |
|
To remove the pass phrase on a DSA private key: |
|
.Pp |
|
.Dl $ openssl dsa -in key.pem -out keyout.pem |
|
.Pp |
|
To encrypt a private key using triple DES: |
|
.Pp |
|
.Dl $ openssl dsa -in key.pem -des3 -out keyout.pem |
|
.Pp |
|
To convert a private key from PEM to DER format: |
|
.Pp |
|
.Dl $ openssl dsa -in key.pem -outform DER -out keyout.der |
|
.Pp |
|
To print out the components of a private key to standard output: |
|
.Pp |
|
.Dl $ openssl dsa -in key.pem -text -noout |
|
.Pp |
|
To just output the public part of a private key: |
|
.Pp |
|
.Dl $ openssl dsa -in key.pem -pubout -out pubkey.pem |
|
.\" |
.\" |
.\" DSAPARAM |
.\" DSAPARAM |
.\" |
.\" |
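Review bot: the DSA NOTES text is carried over (the PEM header and footer lines appear on the new side earlier in the diff), but the DSA EXAMPLES block, from "To remove the pass phrase on a DSA private key:" through `openssl dsa -in key.pem -pubout -out pubkey.pem`, is deleted with nothing replacing it in the visible lines. If that is intentional, please say so in the log message; otherwise keep the examples, since they are the only place the page shows complete invocations. Minor: `-text` now reads "Print out the public/private key components" while `-modulus` reads "Print the value"; use the same verb in both.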