xref: /freebsd/secure/usr.bin/openssl/man/openssl-ecparam.1 (revision aa1a8ff2d6dbc51ef058f46f3db5a8bb77967145)
Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)

Standard preamble:
========================================================================
..
..
.. Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. \*(C+ will
give a nicer C++. Capital omega is used to do unbreakable dashes and
therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
nothing in troff, for use with C<>.
.tr \(*W- . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.

If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.

Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================

Title "OPENSSL-ECPARAM 1ossl"
OPENSSL-ECPARAM 1ossl "2023-09-22" "3.0.11" "OpenSSL"
For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
"NAME"
openssl-ecparam - EC parameter manipulation and generation
"SYNOPSIS"
Header "SYNOPSIS" \fBopenssl ecparam [-help] [-inform \s-1DER\s0|\s-1PEM\s0] [-outform \s-1DER\s0|\s-1PEM\s0] [-in filename] [-out filename] [-noout] [-text] [-check] [-check_named] [-name arg] [-list_curves] [-conv_form arg] [-param_enc arg] [-no_seed] [-genkey] [-engine id] [-rand files] [-writerand file] [-provider name] [-provider-path path] [-propquery propq]
"DESCRIPTION"
Header "DESCRIPTION" This command is used to manipulate or generate \s-1EC\s0 parameter files.

OpenSSL is currently not able to generate new groups and therefore this command can only create \s-1EC\s0 parameters from known (named) curves.

"OPTIONS"
Header "OPTIONS"
"-help" 4
Item "-help" Print out a usage message.
"-inform \s-1DER\s0|\s-1PEM\s0" 4
Item "-inform DER|PEM" The \s-1EC\s0 parameters input format; unspecified by default. See openssl-format-options\|(1) for details.
"-outform \s-1DER\s0|\s-1PEM\s0" 4
Item "-outform DER|PEM" The \s-1EC\s0 parameters output format; the default is \s-1PEM\s0. See openssl-format-options\|(1) for details. .Sp Parameters are encoded as EcpkParameters as specified in \s-1IETF RFC 3279.\s0
"-in filename" 4
Item "-in filename" This specifies the input filename to read parameters from or standard input if this option is not specified.
"-out filename" 4
Item "-out filename" This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should not be the same as the input filename.
"-noout" 4
Item "-noout" This option inhibits the output of the encoded version of the parameters.
"-text" 4
Item "-text" This option prints out the \s-1EC\s0 parameters in human readable form.
"-check" 4
Item "-check" Validate the elliptic curve parameters.
"-check_named" 4
Item "-check_named" Validate the elliptic name curve parameters by checking if the curve parameters match any built-in curves.
"-name arg" 4
Item "-name arg" Use the \s-1EC\s0 parameters with the specified 'short' name. Use -list_curves to get a list of all currently implemented \s-1EC\s0 parameters.
"-list_curves" 4
Item "-list_curves" Print out a list of all currently implemented \s-1EC\s0 parameters names and exit.
"-conv_form arg" 4
Item "-conv_form arg" This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: compressed, uncompressed (the default value) and hybrid. For more information regarding the point conversion forms please read the X9.62 standard. \fBNote Due to patent issues the compressed option is disabled by default for binary curves and can be enabled by defining the preprocessor macro \s-1OPENSSL_EC_BIN_PT_COMP\s0 at compile time.
"-param_enc arg" 4
Item "-param_enc arg" This specifies how the elliptic curve parameters are encoded. Possible value are: named_curve, i.e. the ec parameters are specified by an \s-1OID,\s0 or explicit where the ec parameters are explicitly given (see \s-1RFC 3279\s0 for the definition of the \s-1EC\s0 parameters structures). The default value is named_curve. \fBNote the implicitlyCA alternative, as specified in \s-1RFC 3279,\s0 is currently not implemented in OpenSSL.
"-no_seed" 4
Item "-no_seed" This option inhibits that the 'seed' for the parameter generation is included in the ECParameters structure (see \s-1RFC 3279\s0).
"-genkey" 4
Item "-genkey" This option will generate an \s-1EC\s0 private key using the specified parameters.
"-engine id" 4
Item "-engine id" See \*(L"Engine Options\*(R" in openssl\|(1). This option is deprecated.
"-rand files, -writerand file" 4
Item "-rand files, -writerand file" See \*(L"Random State Options\*(R" in openssl\|(1) for details.
"-provider name" 4
Item "-provider name"

0

"-provider-path path" 4
Item "-provider-path path"
"-propquery propq" 4
Item "-propquery propq"

See \*(L"Provider Options\*(R" in openssl\|(1), provider\|(7), and property\|(7).

The openssl-genpkey\|(1) and openssl-pkeyparam\|(1) commands are capable of performing all the operations this command can, as well as supporting other public key types.

"EXAMPLES"
Header "EXAMPLES" The documentation for the openssl-genpkey\|(1) and openssl-pkeyparam\|(1) commands contains examples equivalent to the ones listed here.

To create \s-1EC\s0 parameters with the group 'prime192v1':

.Vb 1 openssl ecparam -out ec_param.pem -name prime192v1 .Ve

To create \s-1EC\s0 parameters with explicit parameters:

.Vb 1 openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit .Ve

To validate given \s-1EC\s0 parameters:

.Vb 1 openssl ecparam -in ec_param.pem -check .Ve

To create \s-1EC\s0 parameters and a private key:

.Vb 1 openssl ecparam -out ec_key.pem -name prime192v1 -genkey .Ve

To change the point encoding to 'compressed':

.Vb 1 openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed .Ve

To print out the \s-1EC\s0 parameters to standard output:

.Vb 1 openssl ecparam -in ec_param.pem -noout -text .Ve

"SEE ALSO"
Header "SEE ALSO" \fBopenssl\|(1), \fBopenssl-pkeyparam\|(1), \fBopenssl-genpkey\|(1), \fBopenssl-ec\|(1), \fBopenssl-dsaparam\|(1)
"HISTORY"
Header "HISTORY" The -engine option was deprecated in OpenSSL 3.0.

The -C option was removed in OpenSSL 3.0.

"COPYRIGHT"
Header "COPYRIGHT" Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>.