1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=begin comment 4*b077aed3SPierre Pronchery{- join("\n", @autowarntext) -} 5*b077aed3SPierre Pronchery 6*b077aed3SPierre Pronchery=end comment 7*b077aed3SPierre Pronchery 8*b077aed3SPierre Pronchery=head1 NAME 9*b077aed3SPierre Pronchery 10*b077aed3SPierre Proncheryopenssl-dsa - DSA key processing 11*b077aed3SPierre Pronchery 12*b077aed3SPierre Pronchery=head1 SYNOPSIS 13*b077aed3SPierre Pronchery 14*b077aed3SPierre ProncheryB<openssl> B<dsa> 15*b077aed3SPierre Pronchery[B<-help>] 16*b077aed3SPierre Pronchery[B<-inform> B<DER>|B<PEM>] 17*b077aed3SPierre Pronchery[B<-outform> B<DER>|B<PEM>] 18*b077aed3SPierre Pronchery[B<-in> I<filename>] 19*b077aed3SPierre Pronchery[B<-passin> I<arg>] 20*b077aed3SPierre Pronchery[B<-out> I<filename>] 21*b077aed3SPierre Pronchery[B<-passout> I<arg>] 22*b077aed3SPierre Pronchery[B<-aes128>] 23*b077aed3SPierre Pronchery[B<-aes192>] 24*b077aed3SPierre Pronchery[B<-aes256>] 25*b077aed3SPierre Pronchery[B<-aria128>] 26*b077aed3SPierre Pronchery[B<-aria192>] 27*b077aed3SPierre Pronchery[B<-aria256>] 28*b077aed3SPierre Pronchery[B<-camellia128>] 29*b077aed3SPierre Pronchery[B<-camellia192>] 30*b077aed3SPierre Pronchery[B<-camellia256>] 31*b077aed3SPierre Pronchery[B<-des>] 32*b077aed3SPierre Pronchery[B<-des3>] 33*b077aed3SPierre Pronchery[B<-idea>] 34*b077aed3SPierre Pronchery[B<-text>] 35*b077aed3SPierre Pronchery[B<-noout>] 36*b077aed3SPierre Pronchery[B<-modulus>] 37*b077aed3SPierre Pronchery[B<-pubin>] 38*b077aed3SPierre Pronchery[B<-pubout>] 39*b077aed3SPierre Pronchery[B<-pvk-strong>] 40*b077aed3SPierre Pronchery[B<-pvk-weak>] 41*b077aed3SPierre Pronchery[B<-pvk-none>] 42*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} 43*b077aed3SPierre Pronchery 44*b077aed3SPierre Pronchery=head1 DESCRIPTION 45*b077aed3SPierre Pronchery 46*b077aed3SPierre ProncheryThis command processes DSA keys. They can be converted between various 47*b077aed3SPierre Proncheryforms and their components printed out. B<Note> This command uses the 48*b077aed3SPierre Proncherytraditional SSLeay compatible format for private key encryption: newer 49*b077aed3SPierre Proncheryapplications should use the more secure PKCS#8 format using the B<pkcs8> 50*b077aed3SPierre Pronchery 51*b077aed3SPierre Pronchery=head1 OPTIONS 52*b077aed3SPierre Pronchery 53*b077aed3SPierre Pronchery=over 4 54*b077aed3SPierre Pronchery 55*b077aed3SPierre Pronchery=item B<-help> 56*b077aed3SPierre Pronchery 57*b077aed3SPierre ProncheryPrint out a usage message. 58*b077aed3SPierre Pronchery 59*b077aed3SPierre Pronchery=item B<-inform> B<DER>|B<PEM> 60*b077aed3SPierre Pronchery 61*b077aed3SPierre ProncheryThe key input format; unspecified by default. 62*b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details. 63*b077aed3SPierre Pronchery 64*b077aed3SPierre Pronchery=item B<-outform> B<DER>|B<PEM> 65*b077aed3SPierre Pronchery 66*b077aed3SPierre ProncheryThe key output format; the default is B<PEM>. 67*b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details. 68*b077aed3SPierre Pronchery 69*b077aed3SPierre ProncheryPrivate keys are a sequence of B<ASN.1 INTEGERS>: the version (zero), B<p>, 70*b077aed3SPierre ProncheryB<q>, B<g>, and the public and private key components. Public keys 71*b077aed3SPierre Proncheryare a B<SubjectPublicKeyInfo> structure with the B<DSA> type. 72*b077aed3SPierre Pronchery 73*b077aed3SPierre ProncheryThe B<PEM> format also accepts PKCS#8 data. 74*b077aed3SPierre Pronchery 75*b077aed3SPierre Pronchery=item B<-in> I<filename> 76*b077aed3SPierre Pronchery 77*b077aed3SPierre ProncheryThis specifies the input filename to read a key from or standard input if this 78*b077aed3SPierre Proncheryoption is not specified. If the key is encrypted a pass phrase will be 79*b077aed3SPierre Proncheryprompted for. 80*b077aed3SPierre Pronchery 81*b077aed3SPierre Pronchery=item B<-out> I<filename> 82*b077aed3SPierre Pronchery 83*b077aed3SPierre ProncheryThis specifies the output filename to write a key to or standard output by 84*b077aed3SPierre Proncheryis not specified. If any encryption options are set then a pass phrase will be 85*b077aed3SPierre Proncheryprompted for. The output filename should B<not> be the same as the input 86*b077aed3SPierre Proncheryfilename. 87*b077aed3SPierre Pronchery 88*b077aed3SPierre Pronchery=item B<-passin> I<arg>, B<-passout> I<arg> 89*b077aed3SPierre Pronchery 90*b077aed3SPierre ProncheryThe password source for the input and output file. 91*b077aed3SPierre ProncheryFor more information about the format of B<arg> 92*b077aed3SPierre Proncherysee L<openssl-passphrase-options(1)>. 93*b077aed3SPierre Pronchery 94*b077aed3SPierre Pronchery=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> 95*b077aed3SPierre Pronchery 96*b077aed3SPierre ProncheryThese options encrypt the private key with the specified 97*b077aed3SPierre Proncherycipher before outputting it. A pass phrase is prompted for. 98*b077aed3SPierre ProncheryIf none of these options is specified the key is written in plain text. This 99*b077aed3SPierre Proncherymeans that this command can be used to remove the pass phrase from a key 100*b077aed3SPierre Proncheryby not giving any encryption option is given, or to add or change the pass 101*b077aed3SPierre Proncheryphrase by setting them. 102*b077aed3SPierre ProncheryThese options can only be used with PEM format output files. 103*b077aed3SPierre Pronchery 104*b077aed3SPierre Pronchery=item B<-text> 105*b077aed3SPierre Pronchery 106*b077aed3SPierre ProncheryPrints out the public, private key components and parameters. 107*b077aed3SPierre Pronchery 108*b077aed3SPierre Pronchery=item B<-noout> 109*b077aed3SPierre Pronchery 110*b077aed3SPierre ProncheryThis option prevents output of the encoded version of the key. 111*b077aed3SPierre Pronchery 112*b077aed3SPierre Pronchery=item B<-modulus> 113*b077aed3SPierre Pronchery 114*b077aed3SPierre ProncheryThis option prints out the value of the public key component of the key. 115*b077aed3SPierre Pronchery 116*b077aed3SPierre Pronchery=item B<-pubin> 117*b077aed3SPierre Pronchery 118*b077aed3SPierre ProncheryBy default, a private key is read from the input file. With this option a 119*b077aed3SPierre Proncherypublic key is read instead. 120*b077aed3SPierre Pronchery 121*b077aed3SPierre Pronchery=item B<-pubout> 122*b077aed3SPierre Pronchery 123*b077aed3SPierre ProncheryBy default, a private key is output. With this option a public 124*b077aed3SPierre Proncherykey will be output instead. This option is automatically set if the input is 125*b077aed3SPierre Proncherya public key. 126*b077aed3SPierre Pronchery 127*b077aed3SPierre Pronchery=item B<-pvk-strong> 128*b077aed3SPierre Pronchery 129*b077aed3SPierre ProncheryEnable 'Strong' PVK encoding level (default). 130*b077aed3SPierre Pronchery 131*b077aed3SPierre Pronchery=item B<-pvk-weak> 132*b077aed3SPierre Pronchery 133*b077aed3SPierre ProncheryEnable 'Weak' PVK encoding level. 134*b077aed3SPierre Pronchery 135*b077aed3SPierre Pronchery=item B<-pvk-none> 136*b077aed3SPierre Pronchery 137*b077aed3SPierre ProncheryDon't enforce PVK encoding. 138*b077aed3SPierre Pronchery 139*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_engine_item -} 140*b077aed3SPierre Pronchery 141*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_item -} 142*b077aed3SPierre Pronchery 143*b077aed3SPierre Pronchery=back 144*b077aed3SPierre Pronchery 145*b077aed3SPierre ProncheryThe L<openssl-pkey(1)> command is capable of performing all the operations 146*b077aed3SPierre Proncherythis command can, as well as supporting other public key types. 147*b077aed3SPierre Pronchery 148*b077aed3SPierre Pronchery=head1 EXAMPLES 149*b077aed3SPierre Pronchery 150*b077aed3SPierre ProncheryThe documentation for the L<openssl-pkey(1)> command contains examples 151*b077aed3SPierre Proncheryequivalent to the ones listed here. 152*b077aed3SPierre Pronchery 153*b077aed3SPierre ProncheryTo remove the pass phrase on a DSA private key: 154*b077aed3SPierre Pronchery 155*b077aed3SPierre Pronchery openssl dsa -in key.pem -out keyout.pem 156*b077aed3SPierre Pronchery 157*b077aed3SPierre ProncheryTo encrypt a private key using triple DES: 158*b077aed3SPierre Pronchery 159*b077aed3SPierre Pronchery openssl dsa -in key.pem -des3 -out keyout.pem 160*b077aed3SPierre Pronchery 161*b077aed3SPierre ProncheryTo convert a private key from PEM to DER format: 162*b077aed3SPierre Pronchery 163*b077aed3SPierre Pronchery openssl dsa -in key.pem -outform DER -out keyout.der 164*b077aed3SPierre Pronchery 165*b077aed3SPierre ProncheryTo print out the components of a private key to standard output: 166*b077aed3SPierre Pronchery 167*b077aed3SPierre Pronchery openssl dsa -in key.pem -text -noout 168*b077aed3SPierre Pronchery 169*b077aed3SPierre ProncheryTo just output the public part of a private key: 170*b077aed3SPierre Pronchery 171*b077aed3SPierre Pronchery openssl dsa -in key.pem -pubout -out pubkey.pem 172*b077aed3SPierre Pronchery 173*b077aed3SPierre Pronchery=head1 SEE ALSO 174*b077aed3SPierre Pronchery 175*b077aed3SPierre ProncheryL<openssl(1)>, 176*b077aed3SPierre ProncheryL<openssl-pkey(1)>, 177*b077aed3SPierre ProncheryL<openssl-dsaparam(1)>, 178*b077aed3SPierre ProncheryL<openssl-gendsa(1)>, 179*b077aed3SPierre ProncheryL<openssl-rsa(1)>, 180*b077aed3SPierre ProncheryL<openssl-genrsa(1)> 181*b077aed3SPierre Pronchery 182*b077aed3SPierre Pronchery=head1 HISTORY 183*b077aed3SPierre Pronchery 184*b077aed3SPierre ProncheryThe B<-engine> option was deprecated in OpenSSL 3.0. 185*b077aed3SPierre Pronchery 186*b077aed3SPierre Pronchery=head1 COPYRIGHT 187*b077aed3SPierre Pronchery 188*b077aed3SPierre ProncheryCopyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. 189*b077aed3SPierre Pronchery 190*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 191*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 192*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 193*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 194*b077aed3SPierre Pronchery 195*b077aed3SPierre Pronchery=cut 196