Upgrade to OpenSSL 0.9.8h.

[dragonfly.git] / secure / usr.bin / openssl / man / ecparam.1

.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  | will give a
.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used to
.\" do unbreakable dashes and therefore won't be available.  \*(C` and \*(C'
.\" expand to `' in nroff, nothing in troff, for use with C<>.
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.if \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.\"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "ECPARAM 1"
.TH ECPARAM 1 "2008-09-06" "0.9.8h" "OpenSSL"
.SH "NAME"
ecparam \- EC parameter manipulation and generation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBopenssl ecparam\fR
[\fB\-inform DER|PEM\fR]
[\fB\-outform DER|PEM\fR]
[\fB\-in filename\fR]
[\fB\-out filename\fR]
[\fB\-noout\fR]
[\fB\-text\fR]
[\fB\-C\fR]
[\fB\-check\fR]
[\fB\-name arg\fR]
[\fB\-list_curve\fR]
[\fB\-conv_form arg\fR]
[\fB\-param_enc arg\fR]
[\fB\-no_seed\fR]
[\fB\-rand file(s)\fR]
[\fB\-genkey\fR]
[\fB\-engine id\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This command is used to manipulate or generate \s-1EC\s0 parameter files.
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN\s0.1 \s-1DER\s0 encoded
form compatible with \s-1RFC\s0 3279 EcpkParameters. The \s-1PEM\s0 form is the default
format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional 
header and footer lines.
.IP "\fB\-outform DER|PEM\fR" 4
.IX Item "-outform DER|PEM"
This specifies the output format, the options have the same meaning as the 
\&\fB\-inform\fR option.
.IP "\fB\-in filename\fR" 4
.IX Item "-in filename"
This specifies the input filename to read parameters from or standard input if
this option is not specified.
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename parameters to. Standard output is used
if this option is not present. The output filename should \fBnot\fR be the same
as the input filename.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
This option inhibits the output of the encoded version of the parameters.
.IP "\fB\-text\fR" 4
.IX Item "-text"
This option prints out the \s-1EC\s0 parameters in human readable form.
.IP "\fB\-C\fR" 4
.IX Item "-C"
This option converts the \s-1EC\s0 parameters into C code. The parameters can then
be loaded by calling the \fB\f(BIget_ec_group_XXX()\fB\fR function.
.IP "\fB\-check\fR" 4
.IX Item "-check"
Validate the elliptic curve parameters.
.IP "\fB\-name arg\fR" 4
.IX Item "-name arg"
Use the \s-1EC\s0 parameters with the specified 'short' name. Use \fB\-list_curves\fR
to get a list of all currently implemented \s-1EC\s0 parameters.
.IP "\fB\-list_curves\fR" 4
.IX Item "-list_curves"
If this options is specified \fBecparam\fR will print out a list of all
currently implemented \s-1EC\s0 parameters names and exit.
.IP "\fB\-conv_form\fR" 4
.IX Item "-conv_form"
This specifies how the points on the elliptic curve are converted
into octet strings. Possible values are: \fBcompressed\fR (the default
value), \fBuncompressed\fR and \fBhybrid\fR. For more information regarding
the point conversion forms please read the X9.62 standard.
\&\fBNote\fR Due to patent issues the \fBcompressed\fR option is disabled
by default for binary curves and can be enabled by defining
the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time.
.IP "\fB\-param_enc arg\fR" 4
.IX Item "-param_enc arg"
This specifies how the elliptic curve parameters are encoded.
Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are
specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are
explicitly given (see \s-1RFC\s0 3279 for the definition of the 
\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR.
\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279,
is currently not implemented in OpenSSL.
.IP "\fB\-no_seed\fR" 4
.IX Item "-no_seed"
This option inhibits that the 'seed' for the parameter generation
is included in the ECParameters structure (see \s-1RFC\s0 3279).
.IP "\fB\-genkey\fR" 4
.IX Item "-genkey"
This option will generate a \s-1EC\s0 private key using the specified parameters.
.IP "\fB\-rand file(s)\fR" 4
.IX Item "-rand file(s)"
a file or files containing random data used to seed the random number
generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
Multiple files can be specified separated by a OS-dependent character.
The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
all others.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
.SH "NOTES"
.IX Header "NOTES"
\&\s-1PEM\s0 format \s-1EC\s0 parameters use the header and footer lines:
.PP
.Vb 2
\& -----BEGIN EC PARAMETERS-----
\& -----END EC PARAMETERS-----
.Ve
.PP
OpenSSL is currently not able to generate new groups and therefore
\&\fBecparam\fR can only create \s-1EC\s0 parameters from known (named) curves. 
.SH "EXAMPLES"
.IX Header "EXAMPLES"
To create \s-1EC\s0 parameters with the group 'prime192v1':
.PP
.Vb 1
\&  openssl ecparam -out ec_param.pem -name prime192v1
.Ve
.PP
To create \s-1EC\s0 parameters with explicit parameters:
.PP
.Vb 1
\&  openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
.Ve
.PP
To validate given \s-1EC\s0 parameters:
.PP
.Vb 1
\&  openssl ecparam -in ec_param.pem -check
.Ve
.PP
To create \s-1EC\s0 parameters and a private key:
.PP
.Vb 1
\&  openssl ecparam -out ec_key.pem -name prime192v1 -genkey
.Ve
.PP
To change the point encoding to 'compressed':
.PP
.Vb 1
\&  openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
.Ve
.PP
To print out the \s-1EC\s0 parameters to standard output:
.PP
.Vb 1
\&  openssl ecparam -in ec_param.pem -noout -text
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIec\fR\|(1), \fIdsaparam\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
The ecparam command was first introduced in OpenSSL 0.9.8.
.SH "AUTHOR"
.IX Header "AUTHOR"
Nils Larsch for the OpenSSL project (http://www.openssl.org)