1=pod 2 3=head1 NAME 4 5openssl-dsa, 6dsa - DSA key processing 7 8=head1 SYNOPSIS 9 10B<openssl> B<dsa> 11[B<-help>] 12[B<-inform PEM|DER>] 13[B<-outform PEM|DER>] 14[B<-in filename>] 15[B<-passin arg>] 16[B<-out filename>] 17[B<-passout arg>] 18[B<-aes128>] 19[B<-aes192>] 20[B<-aes256>] 21[B<-aria128>] 22[B<-aria192>] 23[B<-aria256>] 24[B<-camellia128>] 25[B<-camellia192>] 26[B<-camellia256>] 27[B<-des>] 28[B<-des3>] 29[B<-idea>] 30[B<-text>] 31[B<-noout>] 32[B<-modulus>] 33[B<-pubin>] 34[B<-pubout>] 35[B<-engine id>] 36 37=head1 DESCRIPTION 38 39The B<dsa> command processes DSA keys. They can be converted between various 40forms and their components printed out. B<Note> This command uses the 41traditional SSLeay compatible format for private key encryption: newer 42applications should use the more secure PKCS#8 format using the B<pkcs8> 43 44=head1 OPTIONS 45 46=over 4 47 48=item B<-help> 49 50Print out a usage message. 51 52=item B<-inform DER|PEM> 53 54This specifies the input format. The B<DER> option with a private key uses 55an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of 56version (currently zero), p, q, g, the public and private key components 57respectively as ASN.1 INTEGERs. When used with a public key it uses a 58SubjectPublicKeyInfo structure: it is an error if the key is not DSA. 59 60The B<PEM> form is the default format: it consists of the B<DER> format base64 61encoded with additional header and footer lines. In the case of a private key 62PKCS#8 format is also accepted. 63 64=item B<-outform DER|PEM> 65 66This specifies the output format, the options have the same meaning and default 67as the B<-inform> option. 68 69=item B<-in filename> 70 71This specifies the input filename to read a key from or standard input if this 72option is not specified. If the key is encrypted a pass phrase will be 73prompted for. 74 75=item B<-passin arg> 76 77The input file password source. For more information about the format of B<arg> 78see L<openssl(1)/Pass Phrase Options>. 79 80=item B<-out filename> 81 82This specifies the output filename to write a key to or standard output by 83is not specified. If any encryption options are set then a pass phrase will be 84prompted for. The output filename should B<not> be the same as the input 85filename. 86 87=item B<-passout arg> 88 89The output file password source. For more information about the format of B<arg> 90see L<openssl(1)/Pass Phrase Options>. 91 92=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> 93 94These options encrypt the private key with the specified 95cipher before outputting it. A pass phrase is prompted for. 96If none of these options is specified the key is written in plain text. This 97means that using the B<dsa> utility to read in an encrypted key with no 98encryption option can be used to remove the pass phrase from a key, or by 99setting the encryption options it can be use to add or change the pass phrase. 100These options can only be used with PEM format output files. 101 102=item B<-text> 103 104Prints out the public, private key components and parameters. 105 106=item B<-noout> 107 108This option prevents output of the encoded version of the key. 109 110=item B<-modulus> 111 112This option prints out the value of the public key component of the key. 113 114=item B<-pubin> 115 116By default, a private key is read from the input file. With this option a 117public key is read instead. 118 119=item B<-pubout> 120 121By default, a private key is output. With this option a public 122key will be output instead. This option is automatically set if the input is 123a public key. 124 125=item B<-engine id> 126 127Specifying an engine (by its unique B<id> string) will cause B<dsa> 128to attempt to obtain a functional reference to the specified engine, 129thus initialising it if needed. The engine will then be set as the default 130for all available algorithms. 131 132=back 133 134=head1 NOTES 135 136The PEM private key format uses the header and footer lines: 137 138 -----BEGIN DSA PRIVATE KEY----- 139 -----END DSA PRIVATE KEY----- 140 141The PEM public key format uses the header and footer lines: 142 143 -----BEGIN PUBLIC KEY----- 144 -----END PUBLIC KEY----- 145 146=head1 EXAMPLES 147 148To remove the pass phrase on a DSA private key: 149 150 openssl dsa -in key.pem -out keyout.pem 151 152To encrypt a private key using triple DES: 153 154 openssl dsa -in key.pem -des3 -out keyout.pem 155 156To convert a private key from PEM to DER format: 157 158 openssl dsa -in key.pem -outform DER -out keyout.der 159 160To print out the components of a private key to standard output: 161 162 openssl dsa -in key.pem -text -noout 163 164To just output the public part of a private key: 165 166 openssl dsa -in key.pem -pubout -out pubkey.pem 167 168=head1 SEE ALSO 169 170L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>, 171L<genrsa(1)> 172 173=head1 COPYRIGHT 174 175Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. 176 177Licensed under the OpenSSL license (the "License"). You may not use 178this file except in compliance with the License. You can obtain a copy 179in the file LICENSE in the source distribution or at 180L<https://www.openssl.org/source/license.html>. 181 182=cut 183