ECPARAM 1 2005-11-24 0.9.9-dev OpenSSL
NAME
ecparam - EC parameter manipulation and generation
LIBRARY
libcrypto, -lcrypto
SYNOPSIS
ooppeennssssll eeccppaarraamm
[--iinnffoorrmm DDEERR||PPEEMM]
[--oouuttffoorrmm DDEERR||PPEEMM]
[--iinn ffiilleennaammee]
[--oouutt ffiilleennaammee]
[--nnoooouutt]
[--tteexxtt]
[--CC]
[--cchheecckk]
[--nnaammee aarrgg]
[--lliisstt__ccuurrvvee]
[--ccoonnvv__ffoorrmm aarrgg]
[--ppaarraamm__eenncc aarrgg]
[--nnoo__sseeeedd]
[--rraanndd ffiillee((ss))]
[--ggeennkkeeyy]
[--eennggiinnee iidd]
DESCRIPTION
This command is used to manipulate or generate EC parameter files.
OPTIONS
-
--iinnffoorrmm DDEERR||PPEEMM
This specifies the input format. The DDEERR option uses an ASN.1 DER encoded
-
form compatible with RFC 3279 EcpkParameters. The PEM form is the default
format: it consists of the DDEERR format base64 encoded with additional
header and footer lines.
-
--oouuttffoorrmm DDEERR||PPEEMM
This specifies the output format, the options have the same meaning as the
-
--iinnffoorrmm option.
-
--iinn ffiilleennaammee
This specifies the input filename to read parameters from or standard input if
-
this option is not specified.
-
--oouutt ffiilleennaammee
This specifies the output filename parameters to. Standard output is used
-
if this option is not present. The output filename should nnoott be the same
as the input filename.
-
--nnoooouutt
This option inhibits the output of the encoded version of the parameters.
-
-
--tteexxtt
This option prints out the EC parameters in human readable form.
-
-
--CC
This option converts the EC parameters into C code. The parameters can then
-
be loaded by calling the _gg_ee_tt____ee_cc____gg_rr_oo_uu_pp____XX_XX_XX_((_)) function.
-
--cchheecckk
Validate the elliptic curve parameters.
-
-
--nnaammee aarrgg
Use the EC parameters with the specified 'short' name. Use --lliisstt__ccuurrvveess
-
to get a list of all currently implemented EC parameters.
-
--lliisstt__ccuurrvveess
If this options is specified eeccppaarraamm will print out a list of all
-
currently implemented EC parameters names and exit.
-
--ccoonnvv__ffoorrmm
This specifies how the points on the elliptic curve are converted
-
into octet strings. Possible values are: ccoommpprreesssseedd (the default
value), uunnccoommpprreesssseedd and hhyybbrriidd. For more information regarding
the point conversion forms please read the X9.62 standard.
NNoottee Due to patent issues the ccoommpprreesssseedd option is disabled
by default for binary curves and can be enabled by defining
the preprocessor macro OOPPEENNSSSSLL__EECC__BBIINN__PPTT__CCOOMMPP at compile time.
-
--ppaarraamm__eenncc aarrgg
This specifies how the elliptic curve parameters are encoded.
-
Possible value are: nnaammeedd__ccuurrvvee, i.e. the ec parameters are
specified by a OID, or eexxpplliicciitt where the ec parameters are
explicitly given (see RFC 3279 for the definition of the
EC parameters structures). The default value is nnaammeedd__ccuurrvvee.
NNoottee the iimmpplliicciittllyyCCAA alternative ,as specified in RFC 3279,
is currently not implemented in OpenSSL.
-
--nnoo__sseeeedd
This option inhibits that the 'seed' for the parameter generation
-
is included in the ECParameters structure (see RFC 3279).
-
--ggeennkkeeyy
This option will generate a EC private key using the specified parameters.
-
-
--rraanndd ffiillee((ss))
a file or files containing random data used to seed the random number
-
generator, or an EGD socket (see _R_A_N_D___e_g_d(3)).
Multiple files can be specified separated by a OS-dependent character.
The separator is ;; for MS-Windows, ,, for OpenVMS, and :: for
all others.
-
--eennggiinnee iidd
specifying an engine (by it's unique iidd string) will cause rreeqq
-
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
NOTES
PEM format EC parameters use the header and footer lines:
-----BEGIN EC PARAMETERS-----
-----END EC PARAMETERS-----
OpenSSL is currently not able to generate new groups and therefore
eeccppaarraamm can only create EC parameters from known (named) curves.
EXAMPLES
To create EC parameters with the group 'prime192v1':
openssl ecparam -out ec_param.pem -name prime192v1
To create EC parameters with explicit parameters:
openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
To validate given EC parameters:
openssl ecparam -in ec_param.pem -check
To create EC parameters and a private key:
openssl ecparam -out ec_key.pem -name prime192v1 -genkey
To change the point encoding to 'compressed':
openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
To print out the EC parameters to standard output:
openssl ecparam -in ec_param.pem -noout -text
SEE ALSO
_e_c(1), _o_p_e_n_s_s_l___d_s_a_p_a_r_a_m(1)
HISTORY
The ecparam command was first introduced in OpenSSL 0.9.8.
AUTHOR
Nils Larsch for the OpenSSL project (http://www.openssl.org)