Merge branch 'vendor/OPENSSL'
[dragonfly.git] / secure / usr.bin / openssl / man / ecparam.1
CommitLineData
e257b235 1.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
a561f9ff
SS
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
13.de Sp \" Vertical space (when we can't use .PP)
14.if t .sp .5v
15.if n .sp
16..
17.de Vb \" Begin verbatim text
18.ft CW
19.nf
20.ne \\$1
21..
22.de Ve \" End verbatim text
23.ft R
24.fi
25..
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
28.\" double quote, and \*(R" will give a right double quote. \*(C+ will
29.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
30.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
31.\" nothing in troff, for use with C<>.
32.tr \(*W-
a561f9ff
SS
33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
34.ie n \{\
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
43'br\}
44.el\{\
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
49'br\}
50.\"
e257b235
PA
51.\" Escape single quotes in literal strings from groff's Unicode transform.
52.ie \n(.g .ds Aq \(aq
53.el .ds Aq '
54.\"
a561f9ff
SS
55.\" If the F register is turned on, we'll generate index entries on stderr for
56.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
57.\" entries marked with X<> in POD. Of course, you'll have to process the
58.\" output yourself in some meaningful fashion.
e257b235 59.ie \nF \{\
a561f9ff
SS
60. de IX
61. tm Index:\\$1\t\\n%\t"\\$2"
62..
63. nr % 0
64. rr F
65.\}
e257b235
PA
66.el \{\
67. de IX
68..
69.\}
aac4ff6f 70.\"
a561f9ff
SS
71.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
72.\" Fear. Run. Save yourself. No user-serviceable parts.
73. \" fudge factors for nroff and troff
74.if n \{\
75. ds #H 0
76. ds #V .8m
77. ds #F .3m
78. ds #[ \f1
79. ds #] \fP
80.\}
81.if t \{\
82. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
83. ds #V .6m
84. ds #F 0
85. ds #[ \&
86. ds #] \&
87.\}
88. \" simple accents for nroff and troff
89.if n \{\
90. ds ' \&
91. ds ` \&
92. ds ^ \&
93. ds , \&
94. ds ~ ~
95. ds /
96.\}
97.if t \{\
98. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
99. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
100. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
101. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
102. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
103. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104.\}
105. \" troff and (daisy-wheel) nroff accents
106.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
107.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
108.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
109.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
110.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
111.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
112.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
113.ds ae a\h'-(\w'a'u*4/10)'e
114.ds Ae A\h'-(\w'A'u*4/10)'E
115. \" corrections for vroff
116.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
117.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
118. \" for low resolution devices (crt and lpr)
119.if \n(.H>23 .if \n(.V>19 \
120\{\
121. ds : e
122. ds 8 ss
123. ds o a
124. ds d- d\h'-1'\(ga
125. ds D- D\h'-1'\(hy
126. ds th \o'bp'
127. ds Th \o'LP'
128. ds ae ae
129. ds Ae AE
130.\}
131.rm #[ #] #H #V #F C
132.\" ========================================================================
133.\"
134.IX Title "ECPARAM 1"
fc468453 135.TH ECPARAM 1 "2010-02-27" "0.9.8m" "OpenSSL"
e257b235
PA
136.\" For nroff, turn off justification. Always turn off hyphenation; it makes
137.\" way too many mistakes in technical documents.
138.if n .ad l
139.nh
a561f9ff
SS
140.SH "NAME"
141ecparam \- EC parameter manipulation and generation
142.SH "SYNOPSIS"
143.IX Header "SYNOPSIS"
144\&\fBopenssl ecparam\fR
145[\fB\-inform DER|PEM\fR]
146[\fB\-outform DER|PEM\fR]
147[\fB\-in filename\fR]
148[\fB\-out filename\fR]
149[\fB\-noout\fR]
150[\fB\-text\fR]
151[\fB\-C\fR]
152[\fB\-check\fR]
153[\fB\-name arg\fR]
154[\fB\-list_curve\fR]
155[\fB\-conv_form arg\fR]
156[\fB\-param_enc arg\fR]
157[\fB\-no_seed\fR]
158[\fB\-rand file(s)\fR]
159[\fB\-genkey\fR]
160[\fB\-engine id\fR]
161.SH "DESCRIPTION"
162.IX Header "DESCRIPTION"
163This command is used to manipulate or generate \s-1EC\s0 parameter files.
164.SH "OPTIONS"
165.IX Header "OPTIONS"
166.IP "\fB\-inform DER|PEM\fR" 4
167.IX Item "-inform DER|PEM"
168This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN\s0.1 \s-1DER\s0 encoded
169form compatible with \s-1RFC\s0 3279 EcpkParameters. The \s-1PEM\s0 form is the default
170format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional
171header and footer lines.
172.IP "\fB\-outform DER|PEM\fR" 4
173.IX Item "-outform DER|PEM"
174This specifies the output format, the options have the same meaning as the
175\&\fB\-inform\fR option.
176.IP "\fB\-in filename\fR" 4
177.IX Item "-in filename"
178This specifies the input filename to read parameters from or standard input if
179this option is not specified.
180.IP "\fB\-out filename\fR" 4
181.IX Item "-out filename"
182This specifies the output filename parameters to. Standard output is used
183if this option is not present. The output filename should \fBnot\fR be the same
184as the input filename.
185.IP "\fB\-noout\fR" 4
186.IX Item "-noout"
187This option inhibits the output of the encoded version of the parameters.
188.IP "\fB\-text\fR" 4
189.IX Item "-text"
190This option prints out the \s-1EC\s0 parameters in human readable form.
191.IP "\fB\-C\fR" 4
192.IX Item "-C"
193This option converts the \s-1EC\s0 parameters into C code. The parameters can then
194be loaded by calling the \fB\f(BIget_ec_group_XXX()\fB\fR function.
195.IP "\fB\-check\fR" 4
196.IX Item "-check"
197Validate the elliptic curve parameters.
198.IP "\fB\-name arg\fR" 4
199.IX Item "-name arg"
200Use the \s-1EC\s0 parameters with the specified 'short' name. Use \fB\-list_curves\fR
201to get a list of all currently implemented \s-1EC\s0 parameters.
202.IP "\fB\-list_curves\fR" 4
203.IX Item "-list_curves"
204If this options is specified \fBecparam\fR will print out a list of all
205currently implemented \s-1EC\s0 parameters names and exit.
206.IP "\fB\-conv_form\fR" 4
207.IX Item "-conv_form"
208This specifies how the points on the elliptic curve are converted
209into octet strings. Possible values are: \fBcompressed\fR (the default
210value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding
211the point conversion forms please read the X9.62 standard.
212\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled
213by default for binary curves and can be enabled by defining
214the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time.
215.IP "\fB\-param_enc arg\fR" 4
216.IX Item "-param_enc arg"
217This specifies how the elliptic curve parameters are encoded.
218Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are
219specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are
220explicitly given (see \s-1RFC\s0 3279 for the definition of the
221\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR.
222\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279,
223is currently not implemented in OpenSSL.
224.IP "\fB\-no_seed\fR" 4
225.IX Item "-no_seed"
226This option inhibits that the 'seed' for the parameter generation
227is included in the ECParameters structure (see \s-1RFC\s0 3279).
228.IP "\fB\-genkey\fR" 4
229.IX Item "-genkey"
230This option will generate a \s-1EC\s0 private key using the specified parameters.
231.IP "\fB\-rand file(s)\fR" 4
232.IX Item "-rand file(s)"
233a file or files containing random data used to seed the random number
234generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
235Multiple files can be specified separated by a OS-dependent character.
e257b235 236The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
a561f9ff
SS
237all others.
238.IP "\fB\-engine id\fR" 4
239.IX Item "-engine id"
240specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
241to attempt to obtain a functional reference to the specified engine,
242thus initialising it if needed. The engine will then be set as the default
243for all available algorithms.
244.SH "NOTES"
245.IX Header "NOTES"
246\&\s-1PEM\s0 format \s-1EC\s0 parameters use the header and footer lines:
247.PP
248.Vb 2
e257b235
PA
249\& \-\-\-\-\-BEGIN EC PARAMETERS\-\-\-\-\-
250\& \-\-\-\-\-END EC PARAMETERS\-\-\-\-\-
a561f9ff
SS
251.Ve
252.PP
253OpenSSL is currently not able to generate new groups and therefore
e257b235 254\&\fBecparam\fR can only create \s-1EC\s0 parameters from known (named) curves.
a561f9ff
SS
255.SH "EXAMPLES"
256.IX Header "EXAMPLES"
257To create \s-1EC\s0 parameters with the group 'prime192v1':
258.PP
259.Vb 1
e257b235 260\& openssl ecparam \-out ec_param.pem \-name prime192v1
a561f9ff
SS
261.Ve
262.PP
263To create \s-1EC\s0 parameters with explicit parameters:
264.PP
265.Vb 1
e257b235 266\& openssl ecparam \-out ec_param.pem \-name prime192v1 \-param_enc explicit
a561f9ff
SS
267.Ve
268.PP
269To validate given \s-1EC\s0 parameters:
270.PP
271.Vb 1
e257b235 272\& openssl ecparam \-in ec_param.pem \-check
a561f9ff
SS
273.Ve
274.PP
275To create \s-1EC\s0 parameters and a private key:
276.PP
277.Vb 1
e257b235 278\& openssl ecparam \-out ec_key.pem \-name prime192v1 \-genkey
a561f9ff
SS
279.Ve
280.PP
281To change the point encoding to 'compressed':
282.PP
283.Vb 1
e257b235 284\& openssl ecparam \-in ec_in.pem \-out ec_out.pem \-conv_form compressed
a561f9ff
SS
285.Ve
286.PP
287To print out the \s-1EC\s0 parameters to standard output:
288.PP
289.Vb 1
e257b235 290\& openssl ecparam \-in ec_param.pem \-noout \-text
a561f9ff
SS
291.Ve
292.SH "SEE ALSO"
293.IX Header "SEE ALSO"
294\&\fIec\fR\|(1), \fIdsaparam\fR\|(1)
295.SH "HISTORY"
296.IX Header "HISTORY"
297The ecparam command was first introduced in OpenSSL 0.9.8.
298.SH "AUTHOR"
299.IX Header "AUTHOR"
300Nils Larsch for the OpenSSL project (http://www.openssl.org)