Lines Matching +full:sub +full:- +full:engines
133 .IX Title "OPENSSL-GENPKEY 1ossl"
134 .TH OPENSSL-GENPKEY 1ossl "2023-09-22" "3.0.11" "OpenSSL"
140 openssl\-genpkey \- generate a private key
144 [\fB\-help\fR]
145 [\fB\-out\fR \fIfilename\fR]
146 [\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR]
147 [\fB\-quiet\fR]
148 [\fB\-pass\fR \fIarg\fR]
149 [\fB\-\f(BIcipher\fB\fR]
150 [\fB\-paramfile\fR \fIfile\fR]
151 [\fB\-algorithm\fR \fIalg\fR]
152 [\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR]
153 [\fB\-genparam\fR]
154 [\fB\-text\fR]
155 [\fB\-engine\fR \fIid\fR]
156 [\fB\-provider\fR \fIname\fR]
157 [\fB\-provider\-path\fR \fIpath\fR]
158 [\fB\-propquery\fR \fIpropq\fR]
159 [\fB\-config\fR \fIconfigfile\fR]
165 .IP "\fB\-help\fR" 4
166 .IX Item "-help"
168 .IP "\fB\-out\fR \fIfilename\fR" 4
169 .IX Item "-out filename"
172 .IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR" 4
173 .IX Item "-outform DER|PEM"
174 The output format, except when \fB\-genparam\fR is given; the default is \fB\s-1PEM\s0\fR.
175 See \fBopenssl\-format\-options\fR\|(1) for details.
177 When \fB\-genparam\fR is given, \fB\-outform\fR is ignored.
178 .IP "\fB\-quiet\fR" 4
179 .IX Item "-quiet"
181 .IP "\fB\-pass\fR \fIarg\fR" 4
182 .IX Item "-pass arg"
184 see \fBopenssl\-passphrase\-options\fR\|(1).
185 .IP "\fB\-\f(BIcipher\fB\fR" 4
186 .IX Item "-cipher"
189 .IP "\fB\-algorithm\fR \fIalg\fR" 4
190 .IX Item "-algorithm alg"
191 Public key algorithm to use such as \s-1RSA, DSA, DH\s0 or \s-1DHX.\s0 If used this option must
192 precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR
193 are mutually exclusive. Engines may add algorithms in addition to the standard
194 built-in ones.
196 Valid built-in algorithm names for private key generation are \s-1RSA,\s0 RSA-PSS, \s-1EC,
197 X25519, X448, ED25519\s0 and \s-1ED448.\s0
199 Valid built-in algorithm names for parameter generation (see the \fB\-genparam\fR
200 option) are \s-1DH, DSA\s0 and \s-1EC.\s0
202 Note that the algorithm name X9.42 \s-1DH\s0 may be used as a synonym for \s-1DHX\s0 keys and
203 PKCS#3 refers to \s-1DH\s0 Keys. Some options are not shared between \s-1DH\s0 and \s-1DHX\s0 keys.
204 .IP "\fB\-pkeyopt\fR \fIopt\fR:\fIvalue\fR" 4
205 .IX Item "-pkeyopt opt:value"
208 implementation. See \*(L"\s-1KEY GENERATION OPTIONS\*(R"\s0 and
209 \&\*(L"\s-1PARAMETER GENERATION OPTIONS\*(R"\s0 below for more details.
210 .IP "\fB\-genparam\fR" 4
211 .IX Item "-genparam"
213 precede any \fB\-algorithm\fR, \fB\-paramfile\fR or \fB\-pkeyopt\fR options.
214 .IP "\fB\-paramfile\fR \fIfilename\fR" 4
215 .IX Item "-paramfile filename"
219 precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR
221 .IP "\fB\-text\fR" 4
222 .IX Item "-text"
224 parameters along with the \s-1PEM\s0 or \s-1DER\s0 structure.
225 .IP "\fB\-engine\fR \fIid\fR" 4
226 .IX Item "-engine id"
229 .IP "\fB\-provider\fR \fIname\fR" 4
230 .IX Item "-provider name"
232 .IP "\fB\-provider\-path\fR \fIpath\fR" 4
233 .IX Item "-provider-path path"
234 .IP "\fB\-propquery\fR \fIpropq\fR" 4
235 .IX Item "-propquery propq"
238 .IP "\fB\-config\fR \fIconfigfile\fR" 4
239 .IX Item "-config configfile"
245 below. There are no key generation options defined for the X25519, X448, \s-1ED25519\s0
246 or \s-1ED448\s0 algorithms.
247 .SS "\s-1RSA\s0 Key Generation Options"
257 The \s-1RSA\s0 public exponent value. This can be a large decimal or
259 .SS "RSA-PSS Key Generation Options"
260 .IX Subsection "RSA-PSS Key Generation Options"
261 Note: by default an \fBRSA-PSS\fR key has no parameter restrictions.
264 These options have the same meaning as the \fB\s-1RSA\s0\fR algorithm.
270 If set the key is restricted and can only use \fIdigest\fR as its \s-1MGF1\s0
275 .SS "\s-1EC\s0 Key Generation Options"
277 The \s-1EC\s0 key generation options can also be used for parameter generation.
280 The \s-1EC\s0 curve to use. OpenSSL supports \s-1NIST\s0 curve names such as \*(L"P\-256\*(R".
285 .SS "\s-1DH\s0 Key Generation Options"
290 See the \*(L"\s-1DH\s0 Parameter Generation Options\*(R" section below.
296 .SS "\s-1DSA\s0 Parameter Generation Options"
326 The type of generation to use. Set this to 1 to use legacy \s-1FIPS186\-2\s0 parameter
327 generation. The default of 0 uses \s-1FIPS186\-4\s0 parameter generation.
334 If this value is not set then g is not verifiable. The default value is \-1.
339 values for the generated parameters \s-1OR\s0 it will fail if the seed did not
341 .SS "\s-1DH\s0 Parameter Generation Options"
352 Use a named \s-1DH\s0 group to select constant values for the \s-1DH\s0 parameters.
355 Valid values that are associated with the \fBalgorithm\fR of \fB\*(L"\s-1DH\*(R"\s0\fR are:
359 Valid values that are associated with the \fBalgorithm\fR of \fB\*(L"\s-1DHX\*(R"\s0\fR are the
360 \&\s-1RFC5114\s0 names \*(L"dh_1024_160\*(R", \*(L"dh_2048_224\*(R", \*(L"dh_2048_256\*(R".
363 If this option is set, then the appropriate \s-1RFC5114\s0 parameters are used
381 The number of bits in the sub prime parameter \fIq\fR. The default is 224.
383 generate \s-1DHX\s0 parameters.
384 .IP "\fBsafeprime-generator\fR:\fIvalue\fR" 4
385 .IX Item "safeprime-generator:value"
391 The \fBalgorithm\fR option must be \fB\*(L"\s-1DH\*(R"\s0\fR for this parameter to be used.
394 The type name of \s-1DH\s0 parameters to generate. Valid values are:
400 The \fBalgorithm\fR option must be \fB\*(L"\s-1DH\*(R"\s0\fR.
404 \&\s-1FIPS186\-4\s0 parameter generation.
405 The \fBalgorithm\fR option must be \fB\*(L"\s-1DHX\*(R"\s0\fR.
409 \&\s-1FIPS186\-4\s0 parameter generation.
410 The \fBalgorithm\fR option must be \fB\*(L"\s-1DHX\*(R"\s0\fR.
416 The \fBalgorithm\fR option must be \fB\*(L"\s-1DH\*(R"\s0\fR.
422 If \fBalgorithm\fR is \fB\*(L"\s-1DH\*(R"\s0\fR then \fB\*(L"generator\*(R"\fR is used.
423 If \fBalgorithm\fR is \fB\*(L"\s-1DHX\*(R"\s0\fR then \fB\*(L"fips186_2\*(R"\fR is used.
429 The type of \s-1DH\s0 parameters to generate. Valid values are 0, 1, 2 or 3
451 If this value is not set then g is not verifiable. The default value is \-1.
457 values for the generated parameters \s-1OR\s0 it will fail if the seed did not
460 .SS "\s-1EC\s0 Parameter Generation Options"
462 The \s-1EC\s0 parameter generation options are the same as for key generation. See
463 \&\*(L"\s-1EC\s0 Key Generation Options\*(R" above.
467 utilities because additional algorithm options and \s-1ENGINE\s0 provided algorithms
471 Generate an \s-1RSA\s0 private key using default parameters:
474 \& openssl genpkey \-algorithm RSA \-out key.pem
477 Encrypt output private key using 128 bit \s-1AES\s0 and the passphrase \*(L"hello\*(R":
480 \& openssl genpkey \-algorithm RSA \-out key.pem \-aes\-128\-cbc \-pass pass:hello
483 Generate a 2048 bit \s-1RSA\s0 key using 3 as the public exponent:
486 \& openssl genpkey \-algorithm RSA \-out key.pem \e
487 \& \-pkeyopt rsa_keygen_bits:2048 \-pkeyopt rsa_keygen_pubexp:3
490 Generate 2048 bit \s-1DSA\s0 parameters that can be validated: The output values for
495 \& openssl genpkey \-genparam \-algorithm DSA \-out dsap.pem \-pkeyopt pbits:2048 \e
496 \& \-pkeyopt qbits:224 \-pkeyopt digest:SHA256 \-pkeyopt gindex:1 \-text
499 Generate \s-1DSA\s0 key from parameters:
502 \& openssl genpkey \-paramfile dsap.pem \-out dsakey.pem
505 Generate 4096 bit \s-1DH\s0 Key using safe prime group ffdhe4096:
508 \& openssl genpkey \-algorithm DH \-out dhkey.pem \-pkeyopt group:ffdhe4096
511 Generate 2048 bit X9.42 \s-1DH\s0 key with 256 bit subgroup using \s-1RFC5114\s0 group3:
514 \& openssl genpkey \-algorithm DHX \-out dhkey.pem \-pkeyopt dh_rfc5114:3
517 Generate a \s-1DH\s0 key using a \s-1DH\s0 parameters file:
520 \& openssl genpkey \-paramfile dhp.pem \-out dhkey.pem
523 Output \s-1DH\s0 parameters for safe prime group ffdhe2048:
526 \& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \-pkeyopt group:ffdhe2048
529 Output 2048 bit X9.42 \s-1DH\s0 parameters with 224 bit subgroup using \s-1RFC5114\s0 group2:
532 \& openssl genpkey \-genparam \-algorithm DHX \-out dhp.pem \-pkeyopt dh_rfc5114:2
535 Output 2048 bit X9.42 \s-1DH\s0 parameters with 224 bit subgroup using \s-1FIPS186\-4\s0 keygen:
538 \& openssl genpkey \-genparam \-algorithm DHX \-out dhp.pem \-text \e
539 \& \-pkeyopt pbits:2048 \-pkeyopt qbits:224 \-pkeyopt digest:SHA256 \e
540 \& \-pkeyopt gindex:1 \-pkeyopt dh_paramgen_type:2
543 Output 1024 bit X9.42 \s-1DH\s0 parameters with 160 bit subgroup using \s-1FIPS186\-2\s0 keygen:
546 \& openssl genpkey \-genparam \-algorithm DHX \-out dhp.pem \-text \e
547 \& \-pkeyopt pbits:1024 \-pkeyopt qbits:160 \-pkeyopt digest:SHA1 \e
548 \& \-pkeyopt gindex:1 \-pkeyopt dh_paramgen_type:1
551 Output 2048 bit \s-1DH\s0 parameters:
554 \& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \e
555 \& \-pkeyopt dh_paramgen_prime_len:2048
558 Output 2048 bit \s-1DH\s0 parameters using a generator:
561 \& openssl genpkey \-genparam \-algorithm DH \-out dhpx.pem \e
562 \& \-pkeyopt dh_paramgen_prime_len:2048 \e
563 \& \-pkeyopt dh_paramgen_type:1
566 Generate \s-1EC\s0 parameters:
569 \& openssl genpkey \-genparam \-algorithm EC \-out ecp.pem \e
570 \& \-pkeyopt ec_paramgen_curve:secp384r1 \e
571 \& \-pkeyopt ec_param_enc:named_curve
574 Generate \s-1EC\s0 key from parameters:
577 \& openssl genpkey \-paramfile ecp.pem \-out eckey.pem
580 Generate \s-1EC\s0 key directly:
583 \& openssl genpkey \-algorithm EC \-out eckey.pem \e
584 \& \-pkeyopt ec_paramgen_curve:P\-384 \e
585 \& \-pkeyopt ec_param_enc:named_curve
591 \& openssl genpkey \-algorithm X25519 \-out xkey.pem
594 Generate an \s-1ED448\s0 private key:
597 \& openssl genpkey \-algorithm ED448 \-out xkey.pem
601 The ability to use \s-1NIST\s0 curve names, and to generate an \s-1EC\s0 key directly,
604 The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in OpenSSL 1.1.1.
606 The \fB\-engine\fR option was deprecated in OpenSSL 3.0.
609 Copyright 2006\-2023 The OpenSSL Project Authors. All Rights Reserved.
613 in the file \s-1LICENSE\s0 in the source distribution or at