• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1=pod
2{- OpenSSL::safe::output_do_not_edit_headers(); -}
3
4=head1 NAME
5
6openssl-ecparam - EC parameter manipulation and generation
7
8=head1 SYNOPSIS
9
10B<openssl ecparam>
11[B<-help>]
12[B<-inform> B<DER>|B<PEM>]
13[B<-outform> B<DER>|B<PEM>]
14[B<-in> I<filename>]
15[B<-out> I<filename>]
16[B<-noout>]
17[B<-text>]
18[B<-check>]
19[B<-check_named>]
20[B<-name> I<arg>]
21[B<-list_curves>]
22[B<-conv_form> I<arg>]
23[B<-param_enc> I<arg>]
24[B<-no_seed>]
25[B<-genkey>]
26{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}
27{- $OpenSSL::safe::opt_provider_synopsis -}
28
29=head1 DESCRIPTION
30
31This command is used to manipulate or generate EC parameter files.
32
33OpenSSL is currently not able to generate new groups and therefore
34this command can only create EC parameters from known (named) curves.
35
36=head1 OPTIONS
37
38=over 4
39
40=item B<-help>
41
42Print out a usage message.
43
44=item B<-inform> B<DER>|B<PEM>
45
46The EC parameters input format; unspecified by default.
47See L<openssl-format-options(1)> for details.
48
49=item B<-outform> B<DER>|B<PEM>
50
51The EC parameters output format; the default is B<PEM>.
52See L<openssl-format-options(1)> for details.
53
54Parameters are encoded as B<EcpkParameters> as specified in IETF RFC 3279.
55
56=item B<-in> I<filename>
57
58This specifies the input filename to read parameters from or standard input if
59this option is not specified.
60
61=item B<-out> I<filename>
62
63This specifies the output filename parameters to. Standard output is used
64if this option is not present. The output filename should B<not> be the same
65as the input filename.
66
67=item B<-noout>
68
69This option inhibits the output of the encoded version of the parameters.
70
71=item B<-text>
72
73This option prints out the EC parameters in human readable form.
74
75=item B<-check>
76
77Validate the elliptic curve parameters.
78
79=item B<-check_named>
80
81Validate the elliptic name curve parameters by checking if the curve parameters
82match any built-in curves.
83
84=item B<-name> I<arg>
85
86Use the EC parameters with the specified 'short' name. Use B<-list_curves>
87to get a list of all currently implemented EC parameters.
88
89=item B<-list_curves>
90
91Print out a list of all currently implemented EC parameters names and exit.
92
93=item B<-conv_form> I<arg>
94
95This specifies how the points on the elliptic curve are converted
96into octet strings. Possible values are: B<compressed>, B<uncompressed> (the
97default value) and B<hybrid>. For more information regarding
98the point conversion forms please read the X9.62 standard.
99B<Note> Due to patent issues the B<compressed> option is disabled
100by default for binary curves and can be enabled by defining
101the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
102
103=item B<-param_enc> I<arg>
104
105This specifies how the elliptic curve parameters are encoded.
106Possible value are: B<named_curve>, i.e. the ec parameters are
107specified by an OID, or B<explicit> where the ec parameters are
108explicitly given (see RFC 3279 for the definition of the
109EC parameters structures). The default value is B<named_curve>.
110B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
111is currently not implemented in OpenSSL.
112
113=item B<-no_seed>
114
115This option inhibits that the 'seed' for the parameter generation
116is included in the ECParameters structure (see RFC 3279).
117
118=item B<-genkey>
119
120This option will generate an EC private key using the specified parameters.
121
122{- $OpenSSL::safe::opt_engine_item -}
123
124{- $OpenSSL::safe::opt_r_item -}
125
126{- $OpenSSL::safe::opt_provider_item -}
127
128=back
129
130The L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> commands are capable
131of performing all the operations this command can, as well as supporting
132other public key types.
133
134=head1 EXAMPLES
135
136The documentation for the L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>
137commands contains examples equivalent to the ones listed here.
138
139To create EC parameters with the group 'prime192v1':
140
141  openssl ecparam -out ec_param.pem -name prime192v1
142
143To create EC parameters with explicit parameters:
144
145  openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
146
147To validate given EC parameters:
148
149  openssl ecparam -in ec_param.pem -check
150
151To create EC parameters and a private key:
152
153  openssl ecparam -out ec_key.pem -name prime192v1 -genkey
154
155To change the point encoding to 'compressed':
156
157  openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
158
159To print out the EC parameters to standard output:
160
161  openssl ecparam -in ec_param.pem -noout -text
162
163=head1 SEE ALSO
164
165L<openssl(1)>,
166L<openssl-pkeyparam(1)>,
167L<openssl-genpkey(1)>,
168L<openssl-ec(1)>,
169L<openssl-dsaparam(1)>
170
171=head1 HISTORY
172
173The B<-engine> option was deprecated in OpenSSL 3.0.
174
175The B<-C> option was removed in OpenSSL 3.0.
176
177=head1 COPYRIGHT
178
179Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
180
181Licensed under the Apache License 2.0 (the "License").  You may not use
182this file except in compliance with the License.  You can obtain a copy
183in the file LICENSE in the source distribution or at
184L<https://www.openssl.org/source/license.html>.
185
186=cut
187