ECPARAM 1 2005-11-24 0.9.9-dev OpenSSL

NAME

ecparam - EC parameter manipulation and generation

LIBRARY

libcrypto, -lcrypto

SYNOPSIS

ooppeennssssll eeccppaarraamm [--iinnffoorrmm DDEERR||PPEEMM] [--oouuttffoorrmm DDEERR||PPEEMM] [--iinn ffiilleennaammee] [--oouutt ffiilleennaammee] [--nnoooouutt] [--tteexxtt] [--CC] [--cchheecckk] [--nnaammee aarrgg] [--lliisstt__ccuurrvvee] [--ccoonnvv__ffoorrmm aarrgg] [--ppaarraamm__eenncc aarrgg] [--nnoo__sseeeedd] [--rraanndd ffiillee((ss))] [--ggeennkkeeyy] [--eennggiinnee iidd]

DESCRIPTION

This command is used to manipulate or generate EC parameter files.

OPTIONS

--iinnffoorrmm DDEERR||PPEEMM This specifies the input format. The DDEERR option uses an ASN.1 DER encoded
form compatible with RFC 3279 EcpkParameters. The PEM form is the default format: it consists of the DDEERR format base64 encoded with additional header and footer lines.
--oouuttffoorrmm DDEERR||PPEEMM This specifies the output format, the options have the same meaning as the
--iinnffoorrmm option.
--iinn ffiilleennaammee This specifies the input filename to read parameters from or standard input if
this option is not specified.
--oouutt ffiilleennaammee This specifies the output filename parameters to. Standard output is used
if this option is not present. The output filename should nnoott be the same as the input filename.
--nnoooouutt This option inhibits the output of the encoded version of the parameters.
--tteexxtt This option prints out the EC parameters in human readable form.
--CC This option converts the EC parameters into C code. The parameters can then
be loaded by calling the _gg_ee_tt____ee_cc____gg_rr_oo_uu_pp____XX_XX_XX_((_)) function.
--cchheecckk Validate the elliptic curve parameters.
--nnaammee aarrgg Use the EC parameters with the specified 'short' name. Use --lliisstt__ccuurrvveess
to get a list of all currently implemented EC parameters.
--lliisstt__ccuurrvveess If this options is specified eeccppaarraamm will print out a list of all
currently implemented EC parameters names and exit.
--ccoonnvv__ffoorrmm This specifies how the points on the elliptic curve are converted
into octet strings. Possible values are: ccoommpprreesssseedd (the default value), uunnccoommpprreesssseedd and hhyybbrriidd. For more information regarding the point conversion forms please read the X9.62 standard. NNoottee Due to patent issues the ccoommpprreesssseedd option is disabled by default for binary curves and can be enabled by defining the preprocessor macro OOPPEENNSSSSLL__EECC__BBIINN__PPTT__CCOOMMPP at compile time.
--ppaarraamm__eenncc aarrgg This specifies how the elliptic curve parameters are encoded.
Possible value are: nnaammeedd__ccuurrvvee, i.e. the ec parameters are specified by a OID, or eexxpplliicciitt where the ec parameters are explicitly given (see RFC 3279 for the definition of the EC parameters structures). The default value is nnaammeedd__ccuurrvvee. NNoottee the iimmpplliicciittllyyCCAA alternative ,as specified in RFC 3279, is currently not implemented in OpenSSL.
--nnoo__sseeeedd This option inhibits that the 'seed' for the parameter generation
is included in the ECParameters structure (see RFC 3279).
--ggeennkkeeyy This option will generate a EC private key using the specified parameters.
--rraanndd ffiillee((ss)) a file or files containing random data used to seed the random number
generator, or an EGD socket (see _R_A_N_D___e_g_d(3)). Multiple files can be specified separated by a OS-dependent character. The separator is ;; for MS-Windows, ,, for OpenVMS, and :: for all others.
--eennggiinnee iidd specifying an engine (by it's unique iidd string) will cause rreeqq
to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

NOTES

PEM format EC parameters use the header and footer lines:


 -----BEGIN EC PARAMETERS-----
 -----END EC PARAMETERS-----

OpenSSL is currently not able to generate new groups and therefore eeccppaarraamm can only create EC parameters from known (named) curves.

EXAMPLES

To create EC parameters with the group 'prime192v1':


  openssl ecparam -out ec_param.pem -name prime192v1

To create EC parameters with explicit parameters:


  openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit

To validate given EC parameters:


  openssl ecparam -in ec_param.pem -check

To create EC parameters and a private key:


  openssl ecparam -out ec_key.pem -name prime192v1 -genkey

To change the point encoding to 'compressed':


  openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed

To print out the EC parameters to standard output:


  openssl ecparam -in ec_param.pem -noout -text

SEE ALSO

_e_c(1), _o_p_e_n_s_s_l___d_s_a_p_a_r_a_m(1)

HISTORY

The ecparam command was first introduced in OpenSSL 0.9.8.

AUTHOR

Nils Larsch for the OpenSSL project (http://www.openssl.org)