1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery{- OpenSSL::safe::output_do_not_edit_headers(); -} 3*b077aed3SPierre Pronchery 4*b077aed3SPierre Pronchery=head1 NAME 5*b077aed3SPierre Pronchery 6*b077aed3SPierre Proncheryopenssl-ecparam - EC parameter manipulation and generation 7*b077aed3SPierre Pronchery 8*b077aed3SPierre Pronchery=head1 SYNOPSIS 9*b077aed3SPierre Pronchery 10*b077aed3SPierre ProncheryB<openssl ecparam> 11*b077aed3SPierre Pronchery[B<-help>] 12*b077aed3SPierre Pronchery[B<-inform> B<DER>|B<PEM>] 13*b077aed3SPierre Pronchery[B<-outform> B<DER>|B<PEM>] 14*b077aed3SPierre Pronchery[B<-in> I<filename>] 15*b077aed3SPierre Pronchery[B<-out> I<filename>] 16*b077aed3SPierre Pronchery[B<-noout>] 17*b077aed3SPierre Pronchery[B<-text>] 18*b077aed3SPierre Pronchery[B<-check>] 19*b077aed3SPierre Pronchery[B<-check_named>] 20*b077aed3SPierre Pronchery[B<-name> I<arg>] 21*b077aed3SPierre Pronchery[B<-list_curves>] 22*b077aed3SPierre Pronchery[B<-conv_form> I<arg>] 23*b077aed3SPierre Pronchery[B<-param_enc> I<arg>] 24*b077aed3SPierre Pronchery[B<-no_seed>] 25*b077aed3SPierre Pronchery[B<-genkey>] 26*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -} 27*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_synopsis -} 28*b077aed3SPierre Pronchery 29*b077aed3SPierre Pronchery=head1 DESCRIPTION 30*b077aed3SPierre Pronchery 31*b077aed3SPierre ProncheryThis command is used to manipulate or generate EC parameter files. 32*b077aed3SPierre Pronchery 33*b077aed3SPierre ProncheryOpenSSL is currently not able to generate new groups and therefore 34*b077aed3SPierre Proncherythis command can only create EC parameters from known (named) curves. 35*b077aed3SPierre Pronchery 36*b077aed3SPierre Pronchery=head1 OPTIONS 37*b077aed3SPierre Pronchery 38*b077aed3SPierre Pronchery=over 4 39*b077aed3SPierre Pronchery 40*b077aed3SPierre Pronchery=item B<-help> 41*b077aed3SPierre Pronchery 42*b077aed3SPierre ProncheryPrint out a usage message. 43*b077aed3SPierre Pronchery 44*b077aed3SPierre Pronchery=item B<-inform> B<DER>|B<PEM> 45*b077aed3SPierre Pronchery 46*b077aed3SPierre ProncheryThe EC parameters input format; unspecified by default. 47*b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details. 48*b077aed3SPierre Pronchery 49*b077aed3SPierre Pronchery=item B<-outform> B<DER>|B<PEM> 50*b077aed3SPierre Pronchery 51*b077aed3SPierre ProncheryThe EC parameters output format; the default is B<PEM>. 52*b077aed3SPierre ProncherySee L<openssl-format-options(1)> for details. 53*b077aed3SPierre Pronchery 54*b077aed3SPierre ProncheryParameters are encoded as B<EcpkParameters> as specified in IETF RFC 3279. 55*b077aed3SPierre Pronchery 56*b077aed3SPierre Pronchery=item B<-in> I<filename> 57*b077aed3SPierre Pronchery 58*b077aed3SPierre ProncheryThis specifies the input filename to read parameters from or standard input if 59*b077aed3SPierre Proncherythis option is not specified. 60*b077aed3SPierre Pronchery 61*b077aed3SPierre Pronchery=item B<-out> I<filename> 62*b077aed3SPierre Pronchery 63*b077aed3SPierre ProncheryThis specifies the output filename parameters to. Standard output is used 64*b077aed3SPierre Proncheryif this option is not present. The output filename should B<not> be the same 65*b077aed3SPierre Proncheryas the input filename. 66*b077aed3SPierre Pronchery 67*b077aed3SPierre Pronchery=item B<-noout> 68*b077aed3SPierre Pronchery 69*b077aed3SPierre ProncheryThis option inhibits the output of the encoded version of the parameters. 70*b077aed3SPierre Pronchery 71*b077aed3SPierre Pronchery=item B<-text> 72*b077aed3SPierre Pronchery 73*b077aed3SPierre ProncheryThis option prints out the EC parameters in human readable form. 74*b077aed3SPierre Pronchery 75*b077aed3SPierre Pronchery=item B<-check> 76*b077aed3SPierre Pronchery 77*b077aed3SPierre ProncheryValidate the elliptic curve parameters. 78*b077aed3SPierre Pronchery 79*b077aed3SPierre Pronchery=item B<-check_named> 80*b077aed3SPierre Pronchery 81*b077aed3SPierre ProncheryValidate the elliptic name curve parameters by checking if the curve parameters 82*b077aed3SPierre Proncherymatch any built-in curves. 83*b077aed3SPierre Pronchery 84*b077aed3SPierre Pronchery=item B<-name> I<arg> 85*b077aed3SPierre Pronchery 86*b077aed3SPierre ProncheryUse the EC parameters with the specified 'short' name. Use B<-list_curves> 87*b077aed3SPierre Proncheryto get a list of all currently implemented EC parameters. 88*b077aed3SPierre Pronchery 89*b077aed3SPierre Pronchery=item B<-list_curves> 90*b077aed3SPierre Pronchery 91*b077aed3SPierre ProncheryPrint out a list of all currently implemented EC parameters names and exit. 92*b077aed3SPierre Pronchery 93*b077aed3SPierre Pronchery=item B<-conv_form> I<arg> 94*b077aed3SPierre Pronchery 95*b077aed3SPierre ProncheryThis specifies how the points on the elliptic curve are converted 96*b077aed3SPierre Proncheryinto octet strings. Possible values are: B<compressed>, B<uncompressed> (the 97*b077aed3SPierre Proncherydefault value) and B<hybrid>. For more information regarding 98*b077aed3SPierre Proncherythe point conversion forms please read the X9.62 standard. 99*b077aed3SPierre ProncheryB<Note> Due to patent issues the B<compressed> option is disabled 100*b077aed3SPierre Proncheryby default for binary curves and can be enabled by defining 101*b077aed3SPierre Proncherythe preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time. 102*b077aed3SPierre Pronchery 103*b077aed3SPierre Pronchery=item B<-param_enc> I<arg> 104*b077aed3SPierre Pronchery 105*b077aed3SPierre ProncheryThis specifies how the elliptic curve parameters are encoded. 106*b077aed3SPierre ProncheryPossible value are: B<named_curve>, i.e. the ec parameters are 107*b077aed3SPierre Proncheryspecified by an OID, or B<explicit> where the ec parameters are 108*b077aed3SPierre Proncheryexplicitly given (see RFC 3279 for the definition of the 109*b077aed3SPierre ProncheryEC parameters structures). The default value is B<named_curve>. 110*b077aed3SPierre ProncheryB<Note> the B<implicitlyCA> alternative, as specified in RFC 3279, 111*b077aed3SPierre Proncheryis currently not implemented in OpenSSL. 112*b077aed3SPierre Pronchery 113*b077aed3SPierre Pronchery=item B<-no_seed> 114*b077aed3SPierre Pronchery 115*b077aed3SPierre ProncheryThis option inhibits that the 'seed' for the parameter generation 116*b077aed3SPierre Proncheryis included in the ECParameters structure (see RFC 3279). 117*b077aed3SPierre Pronchery 118*b077aed3SPierre Pronchery=item B<-genkey> 119*b077aed3SPierre Pronchery 120*b077aed3SPierre ProncheryThis option will generate an EC private key using the specified parameters. 121*b077aed3SPierre Pronchery 122*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_engine_item -} 123*b077aed3SPierre Pronchery 124*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_r_item -} 125*b077aed3SPierre Pronchery 126*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_item -} 127*b077aed3SPierre Pronchery 128*b077aed3SPierre Pronchery=back 129*b077aed3SPierre Pronchery 130*b077aed3SPierre ProncheryThe L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> commands are capable 131*b077aed3SPierre Proncheryof performing all the operations this command can, as well as supporting 132*b077aed3SPierre Proncheryother public key types. 133*b077aed3SPierre Pronchery 134*b077aed3SPierre Pronchery=head1 EXAMPLES 135*b077aed3SPierre Pronchery 136*b077aed3SPierre ProncheryThe documentation for the L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> 137*b077aed3SPierre Proncherycommands contains examples equivalent to the ones listed here. 138*b077aed3SPierre Pronchery 139*b077aed3SPierre ProncheryTo create EC parameters with the group 'prime192v1': 140*b077aed3SPierre Pronchery 141*b077aed3SPierre Pronchery openssl ecparam -out ec_param.pem -name prime192v1 142*b077aed3SPierre Pronchery 143*b077aed3SPierre ProncheryTo create EC parameters with explicit parameters: 144*b077aed3SPierre Pronchery 145*b077aed3SPierre Pronchery openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit 146*b077aed3SPierre Pronchery 147*b077aed3SPierre ProncheryTo validate given EC parameters: 148*b077aed3SPierre Pronchery 149*b077aed3SPierre Pronchery openssl ecparam -in ec_param.pem -check 150*b077aed3SPierre Pronchery 151*b077aed3SPierre ProncheryTo create EC parameters and a private key: 152*b077aed3SPierre Pronchery 153*b077aed3SPierre Pronchery openssl ecparam -out ec_key.pem -name prime192v1 -genkey 154*b077aed3SPierre Pronchery 155*b077aed3SPierre ProncheryTo change the point encoding to 'compressed': 156*b077aed3SPierre Pronchery 157*b077aed3SPierre Pronchery openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed 158*b077aed3SPierre Pronchery 159*b077aed3SPierre ProncheryTo print out the EC parameters to standard output: 160*b077aed3SPierre Pronchery 161*b077aed3SPierre Pronchery openssl ecparam -in ec_param.pem -noout -text 162*b077aed3SPierre Pronchery 163*b077aed3SPierre Pronchery=head1 SEE ALSO 164*b077aed3SPierre Pronchery 165*b077aed3SPierre ProncheryL<openssl(1)>, 166*b077aed3SPierre ProncheryL<openssl-pkeyparam(1)>, 167*b077aed3SPierre ProncheryL<openssl-genpkey(1)>, 168*b077aed3SPierre ProncheryL<openssl-ec(1)>, 169*b077aed3SPierre ProncheryL<openssl-dsaparam(1)> 170*b077aed3SPierre Pronchery 171*b077aed3SPierre Pronchery=head1 HISTORY 172*b077aed3SPierre Pronchery 173*b077aed3SPierre ProncheryThe B<-engine> option was deprecated in OpenSSL 3.0. 174*b077aed3SPierre Pronchery 175*b077aed3SPierre ProncheryThe B<-C> option was removed in OpenSSL 3.0. 176*b077aed3SPierre Pronchery 177*b077aed3SPierre Pronchery=head1 COPYRIGHT 178*b077aed3SPierre Pronchery 179*b077aed3SPierre ProncheryCopyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. 180*b077aed3SPierre Pronchery 181*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 182*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 183*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 184*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 185*b077aed3SPierre Pronchery 186*b077aed3SPierre Pronchery=cut 187