=pod

=begin comment
{- join("\n", @autowarntext) -}

=end comment

=head1 NAME

openssl-genpkey - generate a private key

=head1 SYNOPSIS

B<openssl> B<genpkey>
[B<-help>]
[B<-out> I<filename>]
[B<-outform> B<DER>|B<PEM>]
[B<-quiet>]
[B<-pass> I<arg>]
[B<-I<cipher>>]
[B<-paramfile> I<file>]
[B<-algorithm> I<alg>]
[B<-pkeyopt> I<opt>:I<value>]
[B<-genparam>]
[B<-text>]
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
{- $OpenSSL::safe::opt_config_synopsis -}

=head1 DESCRIPTION

This command generates a private key.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-out> I<filename>

Output the key to the specified file. If this argument is not specified then
standard output is used.

=item B<-outform> B<DER>|B<PEM>

The output format, except when B<-genparam> is given; the default is B<PEM>.
See L<openssl-format-options(1)> for details.

When B<-genparam> is given, B<-outform> is ignored.

=item B<-quiet>

Do not output "status dots" while generating keys.

=item B<-pass> I<arg>

The output file password source. For more information about the format of I<arg>
see L<openssl-passphrase-options(1)>.

=item B<-I<cipher>>

This option encrypts the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable, such as B<des3>.

=item B<-algorithm> I<alg>

Public key algorithm to use, such as RSA, DSA, DH or DHX. If used, this option must
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
are mutually exclusive. Engines may add algorithms in addition to the standard
built-in ones.

Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC,
X25519, X448, ED25519 and ED448.

Valid built-in algorithm names for parameter generation (see the B<-genparam>
option) are DH, DSA and EC.

Note that the algorithm name X9.42 DH may be used as a synonym for DHX keys and
PKCS#3 refers to DH keys. Some options are not shared between DH and DHX keys.

=item B<-pkeyopt> I<opt>:I<value>

Set the public key algorithm option I<opt> to I<value>. The precise set of
options supported depends on the public key algorithm used and its
implementation. See L</KEY GENERATION OPTIONS> and
L</PARAMETER GENERATION OPTIONS> below for more details.

=item B<-genparam>

Generate a set of parameters instead of a private key. If used, this option must
precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.

=item B<-paramfile> I<filename>

Some public key algorithms generate a private key based on a set of parameters.
They can be supplied using this option. If this option is used, the public key
algorithm used is determined by the parameters. If used, this option must
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
are mutually exclusive.

=item B<-text>

Print an (unencrypted) text representation of private and public keys and
parameters along with the PEM or DER structure.

{- $OpenSSL::safe::opt_engine_item -}

{- $OpenSSL::safe::opt_provider_item -}

{- $OpenSSL::safe::opt_config_item -}

=back

=head1 KEY GENERATION OPTIONS

The options supported by each algorithm, and indeed by each implementation of an
algorithm, can vary. The options for the OpenSSL implementations are detailed
below. There are no key generation options defined for the X25519, X448, ED25519
or ED448 algorithms.

=head2 RSA Key Generation Options

=over 4

=item B<rsa_keygen_bits>:I<numbits>

The number of bits in the generated key. If not specified, 2048 is used.

=item B<rsa_keygen_primes>:I<numprimes>

The number of primes in the generated key. If not specified, 2 is used.

=item B<rsa_keygen_pubexp>:I<value>

The RSA public exponent value. This can be a large decimal or
hexadecimal value if preceded by C<0x>.
The default value is 65537.

=back

=head2 RSA-PSS Key Generation Options

Note: by default an B<RSA-PSS> key has no parameter restrictions.

=over 4

=item B<rsa_keygen_bits>:I<numbits>, B<rsa_keygen_primes>:I<numprimes>,
B<rsa_keygen_pubexp>:I<value>

These options have the same meaning as for the B<RSA> algorithm.

=item B<rsa_pss_keygen_md>:I<digest>

If set, the key is restricted and can only use I<digest> for signing.

=item B<rsa_pss_keygen_mgf1_md>:I<digest>

If set, the key is restricted and can only use I<digest> as its MGF1
parameter.

=item B<rsa_pss_keygen_saltlen>:I<len>

If set, the key is restricted and I<len> specifies the minimum salt length.

=back

=head2 EC Key Generation Options

The EC key generation options can also be used for parameter generation.

=over 4

=item B<ec_paramgen_curve>:I<curve>

The EC curve to use. OpenSSL supports NIST curve names such as "P-256".

=item B<ec_param_enc>:I<encoding>

The encoding to use for parameters. The I<encoding> parameter must be either
B<named_curve> or B<explicit>. The default value is B<named_curve>.

=back

=head2 DH Key Generation Options

=over 4

=item B<group>:I<name>

The B<-paramfile> option is not required if a named group is used here.
See the L</DH Parameter Generation Options> section below.

=back


=head1 PARAMETER GENERATION OPTIONS

The options supported by each algorithm, and indeed by each implementation of an
algorithm, can vary. The options for the OpenSSL implementations are detailed
below.

=head2 DSA Parameter Generation Options

=over 4

=item B<dsa_paramgen_bits>:I<numbits>

The number of bits in the generated prime. If not specified, 2048 is used.

=item B<dsa_paramgen_q_bits>:I<numbits>

=item B<qbits>:I<numbits>

The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
specified, 224 is used.

=item B<dsa_paramgen_md>:I<digest>

=item B<digest>:I<digest>

The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
or B<sha256>. If set, then the number of bits in B<q> will match the output size
of the specified digest and the B<dsa_paramgen_q_bits> parameter will be
ignored. If not set, then a digest will be used that gives an output matching
the number of bits in B<q>, i.e. B<sha1> if the q length is 160, B<sha224> if it
is 224 or B<sha256> if it is 256.

=item B<properties>:I<query>

The I<digest> property I<query> string to use when fetching a digest from a provider.

=item B<type>:I<type>

The type of generation to use. Set this to 1 to use legacy FIPS186-2 parameter
generation. The default of 0 uses FIPS186-4 parameter generation.

=item B<gindex>:I<index>

The index to use for canonical generation and verification of the generator g.
Set this to a value in the range 0..255 to use this mode. Larger values
will only use the bottom byte.
This I<index> must then be reused during key validation to verify the value of g.
If this value is not set then g is not verifiable. The default value is -1.

=item B<hexseed>:I<seed>

The seed I<seed> data to use instead of generating a random seed internally.
This should be used for testing purposes only. This will either produce fixed
values for the generated parameters OR it will fail if the seed did not
generate valid primes.

=back

=head2 DH Parameter Generation Options

For most use cases it is recommended to use the B<group> option rather than
the B<type> options. Note that the B<group> option is not used by default if
no parameter generation options are specified.

=over 4

=item B<group>:I<name>

=item B<dh_param>:I<name>

Use a named DH group to select constant values for the DH parameters.
All other options will be ignored if this value is set.

Valid values that are associated with the B<algorithm> of B<"DH"> are:
"ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192",
"modp_1536", "modp_2048", "modp_3072", "modp_4096", "modp_6144", "modp_8192".

Valid values that are associated with the B<algorithm> of B<"DHX"> are the
RFC5114 names "dh_1024_160", "dh_2048_224", "dh_2048_256".

=item B<dh_rfc5114>:I<num>

If this option is set, then the appropriate RFC5114 parameters are used
instead of generating new parameters. The value I<num> can be one of
1, 2 or 3, which are equivalent to using the option B<group> with one of
"dh_1024_160", "dh_2048_224" or "dh_2048_256".
All other options will be ignored if this value is set.

=item B<pbits>:I<numbits>

=item B<dh_paramgen_prime_len>:I<numbits>

The number of bits in the prime parameter I<p>. The default is 2048.

=item B<qbits>:I<numbits>

=item B<dh_paramgen_subprime_len>:I<numbits>

The number of bits in the sub prime parameter I<q>. The default is 224.
Only relevant if used in conjunction with the B<dh_paramgen_type> option to
generate DHX parameters.

=item B<safeprime-generator>:I<value>

=item B<dh_paramgen_generator>:I<value>

The value to use for the generator I<g>. The default is 2.
The B<algorithm> option must be B<"DH"> for this parameter to be used.

=item B<type>:I<string>

The type name of DH parameters to generate. Valid values are:

=over 4

=item "generator"

Use a safe prime generator with the option B<safeprime-generator>.
The B<algorithm> option must be B<"DH">.

=item "fips186_4"

FIPS186-4 parameter generation.
The B<algorithm> option must be B<"DHX">.

=item "fips186_2"

FIPS186-2 parameter generation.
The B<algorithm> option must be B<"DHX">.

=item "group"

Can be used with the option B<pbits> to select one of
"ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144" or "ffdhe8192".
The B<algorithm> option must be B<"DH">.

=item "default"

Selects a default type based on the B<algorithm>. This is used by the
OpenSSL default provider to set the type for backwards compatibility.
If B<algorithm> is B<"DH"> then B<"generator"> is used.
If B<algorithm> is B<"DHX"> then B<"fips186_2"> is used.

=back

=item B<dh_paramgen_type>:I<value>

The type of DH parameters to generate. Valid values are 0, 1, 2 or 3,
which correspond to setting the option B<type> to
"generator", "fips186_2", "fips186_4" or "group" respectively.

=item B<digest>:I<digest>

The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
or B<sha256>. If set, then the number of bits in B<q> will match the output
size of the specified digest and the B<qbits> parameter will be
ignored. If not set, then a digest will be used that gives an output matching
the number of bits in B<q>, i.e. B<sha1> if the q length is 160, B<sha224> if it
is 224 or B<sha256> if it is 256.
This is only used by "fips186_4" and "fips186_2" key generation.

=item B<properties>:I<query>

The I<digest> property I<query> string to use when fetching a digest from a provider.
This is only used by "fips186_4" and "fips186_2" key generation.

=item B<gindex>:I<index>

The index to use for canonical generation and verification of the generator g.
Set this to a value in the range 0..255 to use this mode. Larger values
will only use the bottom byte.
This I<index> must then be reused during key validation to verify the value of g.
If this value is not set then g is not verifiable. The default value is -1.
This is only used by "fips186_4" and "fips186_2" key generation.

=item B<hexseed>:I<seed>

The seed I<seed> data to use instead of generating a random seed internally.
This should be used for testing purposes only. This will either produce fixed
values for the generated parameters OR it will fail if the seed did not
generate valid primes.
This is only used by "fips186_4" and "fips186_2" key generation.

=back

=head2 EC Parameter Generation Options

The EC parameter generation options are the same as for key generation. See
L</EC Key Generation Options> above.

=head1 NOTES

The use of the genpkey program is encouraged over the algorithm specific
utilities because additional algorithm options and ENGINE provided algorithms
can be used.
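
The B<gindex>, B<hexseed> and B<digest> options above (for both DSA and DHX
parameters) feed the verifiable canonical generation of g from FIPS 186-4
A.2.3, and the same index has to be presented again at validation time.
The following Python is an added illustration of that derivation and its
check, not code from this manual or from OpenSSL; the toy p, q and hex seed
are constructed values assumed only for the demonstration.

```python
"""Verifiable canonical generation of the DSA/DHX generator g (FIPS 186-4
A.2.3) and its validation (A.2.4): the mechanism behind genpkey's
gindex, hexseed and digest parameter-generation options."""
import hashlib

# Constructed toy domain parameters: p and q are prime and q divides p - 1
# (606 = 6 * 101).  Real parameters use pbits:2048 with qbits:224 or 256;
# these tiny values exist only so the arithmetic is easy to inspect.
TOY_P = 607
TOY_Q = 101
# Constructed stand-in for the value passed as "-pkeyopt hexseed:<seed>".
TOY_HEXSEED = "0102030405060708090a0b0c0d0e0f10"


def canonical_generator(p, q, seed, index, md="sha256"):
    """Derive g from (p, q, seed, index) as FIPS 186-4 A.2.3 specifies.

    index mirrors gindex: -1 means "not set" (g cannot be made verifiable),
    and only the bottom byte of larger values is used.  Returns (g, count).
    """
    if index < 0:
        raise ValueError("gindex not set: g is not verifiable")
    if (p - 1) % q != 0:
        raise ValueError("q must divide p - 1")
    index_byte = bytes([index & 0xFF])
    e = (p - 1) // q
    count = 0
    while True:
        count += 1
        if count > 0xFFFF:          # 16-bit counter exhausted: INVALID
            raise ValueError("no generator found for this seed/index")
        # U = domain_parameter_seed || "ggen" || index || count
        u = seed + b"ggen" + index_byte + count.to_bytes(2, "big")
        w = int.from_bytes(hashlib.new(md, u).digest(), "big")
        g = pow(w, e, p)            # g = W^((p-1)/q) mod p
        if g >= 2:                  # g of 0 or 1 is rejected; try next count
            return g, count


def verify_generator(p, q, g, seed, index, md="sha256"):
    """FIPS 186-4 A.2.4: accept g only if it lies in the order-q subgroup
    and recomputing it from the same seed and index reproduces it.  This is
    why the index must be supplied again at validation time."""
    if not 2 <= g < p or pow(g, q, p) != 1:
        return False
    try:
        expected, _ = canonical_generator(p, q, seed, index, md)
    except ValueError:
        return False
    return expected == g


def demo(hexseed=TOY_HEXSEED, index=1):
    """Generate g for the toy parameters and show what validation needs."""
    seed = bytes.fromhex(hexseed)
    g, count = canonical_generator(TOY_P, TOY_Q, seed, index)
    return {
        "g": g,
        "count": count,
        "verifies_with_same_index": verify_generator(TOY_P, TOY_Q, g, seed, index),
        # 257 & 0xFF == 1, so an oversized gindex aliases to its bottom byte.
        "verifies_with_aliased_index": verify_generator(TOY_P, TOY_Q, g, seed, index + 256),
        # Without the index (gindex -1) the generator cannot be verified.
        "verifies_without_index": verify_generator(TOY_P, TOY_Q, g, seed, -1),
    }


if __name__ == "__main__":
    print(demo())
```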

=head1 EXAMPLES

Generate an RSA private key using default parameters:

 openssl genpkey -algorithm RSA -out key.pem

Encrypt the output private key using 128 bit AES and the passphrase "hello":

 openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello

Generate a 2048 bit RSA key using 3 as the public exponent:

 openssl genpkey -algorithm RSA -out key.pem \
     -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3

Generate 2048 bit DSA parameters that can be validated (the output values for
gindex and seed are required for key validation purposes and are not saved to
the output PEM file):

 openssl genpkey -genparam -algorithm DSA -out dsap.pem -pkeyopt pbits:2048 \
     -pkeyopt qbits:224 -pkeyopt digest:SHA256 -pkeyopt gindex:1 -text

Generate a DSA key from parameters:

 openssl genpkey -paramfile dsap.pem -out dsakey.pem

Generate a 4096 bit DH key using the safe prime group ffdhe4096:

 openssl genpkey -algorithm DH -out dhkey.pem -pkeyopt group:ffdhe4096

Generate a 2048 bit X9.42 DH key with a 256 bit subgroup using RFC5114 group3:

 openssl genpkey -algorithm DHX -out dhkey.pem -pkeyopt dh_rfc5114:3

Generate a DH key using a DH parameters file:

 openssl genpkey -paramfile dhp.pem -out dhkey.pem

Output DH parameters for the safe prime group ffdhe2048:

 openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt group:ffdhe2048

Output 2048 bit X9.42 DH parameters with a 224 bit subgroup using RFC5114 group2:

 openssl genpkey -genparam -algorithm DHX -out dhp.pem -pkeyopt dh_rfc5114:2

Output 2048 bit X9.42 DH parameters with a 224 bit subgroup using FIPS186-4 keygen:

 openssl genpkey -genparam -algorithm DHX -out dhp.pem -text \
     -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt digest:SHA256 \
     -pkeyopt gindex:1 -pkeyopt dh_paramgen_type:2

Output 1024 bit X9.42 DH parameters with a 160 bit subgroup using FIPS186-2 keygen:

 openssl genpkey -genparam -algorithm DHX -out dhp.pem -text \
     -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt digest:SHA1 \
     -pkeyopt gindex:1 -pkeyopt dh_paramgen_type:1

Output 2048 bit DH parameters:

 openssl genpkey -genparam -algorithm DH -out dhp.pem \
     -pkeyopt dh_paramgen_prime_len:2048

Output 2048 bit DH parameters using a generator:

 openssl genpkey -genparam -algorithm DH -out dhpx.pem \
     -pkeyopt dh_paramgen_prime_len:2048 \
     -pkeyopt dh_paramgen_type:1

Generate EC parameters:

 openssl genpkey -genparam -algorithm EC -out ecp.pem \
     -pkeyopt ec_paramgen_curve:secp384r1 \
     -pkeyopt ec_param_enc:named_curve

Generate an EC key from parameters:

 openssl genpkey -paramfile ecp.pem -out eckey.pem

Generate an EC key directly:

 openssl genpkey -algorithm EC -out eckey.pem \
     -pkeyopt ec_paramgen_curve:P-384 \
     -pkeyopt ec_param_enc:named_curve

Generate an X25519 private key:

 openssl genpkey -algorithm X25519 -out xkey.pem

Generate an ED448 private key:

 openssl genpkey -algorithm ED448 -out xkey.pem

=head1 HISTORY

The ability to use NIST curve names, and to generate an EC key directly,
were added in OpenSSL 1.0.2.
The ability to generate X25519 keys was added in OpenSSL 1.1.0.
The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.

The B<-engine> option was deprecated in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut