xref: /openssl/doc/man1/openssl-ecparam.pod.in (revision 1dbb67c4) 
1=pod
2{- OpenSSL::safe::output_do_not_edit_headers(); -}
3
4=head1 NAME
5
6openssl-ecparam - EC parameter manipulation and generation
7
8=head1 SYNOPSIS
9
10B<openssl ecparam>
11[B<-help>]
12[B<-inform> B<DER>|B<PEM>]
13[B<-outform> B<DER>|B<PEM>]
14[B<-in> I<filename>]
15[B<-out> I<filename>]
16[B<-noout>]
17[B<-text>]
18[B<-check>]
19[B<-check_named>]
20[B<-name> I<arg>]
21[B<-list_curves>]
22[B<-conv_form> I<arg>]
23[B<-param_enc> I<arg>]
24[B<-no_seed>]
25[B<-genkey>]
26{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_r_synopsis -}
27{- $OpenSSL::safe::opt_provider_synopsis -}
28
29=head1 DESCRIPTION
30
31This command is used to manipulate or generate EC parameter files.
32
33OpenSSL is currently not able to generate new groups and therefore
34this command can only create EC parameters from known (named) curves.
35
36=head1 OPTIONS
37
38=over 4
39
40=item B<-help>
41
42Print out a usage message.
43
44=item B<-inform> B<DER>|B<PEM>
45
46The EC parameters input format; unspecified by default.
47See L<openssl-format-options(1)> for details.
48
49=item B<-outform> B<DER>|B<PEM>
50
51The EC parameters output format; the default is B<PEM>.
52See L<openssl-format-options(1)> for details.
53
54Parameters are encoded as B<EcpkParameters> as specified in IETF RFC 3279.
55
56=item B<-in> I<filename>
57
58This specifies the input file to read parameters from or standard input if
59this option is not specified.
60
61=item B<-out> I<filename>
62
63This specifies the output filename parameters to. Standard output is used
64if this option is not present.
65The output filename can be the same as the input filename,
66which leads to replacing the file contents.
67Note that file I/O is not atomic. The output file is truncated and then written.
68
69=item B<-noout>
70
71This option inhibits the output of the encoded version of the parameters.
72
73=item B<-text>
74
75This option prints out the EC parameters in human readable form.
76
77=item B<-check>
78
79Validate the elliptic curve parameters.
80
81=item B<-check_named>
82
83Validate the elliptic name curve parameters by checking if the curve parameters
84match any built-in curves.
85
86=item B<-name> I<arg>
87
88Use the EC parameters with the specified 'short' name. Use B<-list_curves>
89to get a list of all currently implemented EC parameters.
90
91=item B<-list_curves>
92
93Print out a list of all currently implemented EC parameters names and exit.
94
95=item B<-conv_form> I<arg>
96
97This specifies how the points on the elliptic curve are converted
98into octet strings. Possible values are: B<compressed>, B<uncompressed> (the
99default value) and B<hybrid>. For more information regarding
100the point conversion forms please read the X9.62 standard.
101B<Note> Due to patent issues the B<compressed> option is disabled
102by default for binary curves and can be enabled by defining
103the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
104
105=item B<-param_enc> I<arg>
106
107This specifies how the elliptic curve parameters are encoded.
108Possible value are: B<named_curve>, i.e. the ec parameters are
109specified by an OID, or B<explicit> where the ec parameters are
110explicitly given (see RFC 3279 for the definition of the
111EC parameters structures). The default value is B<named_curve>.
112B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
113is currently not implemented in OpenSSL.
114
115=item B<-no_seed>
116
117This option inhibits that the 'seed' for the parameter generation
118is included in the ECParameters structure (see RFC 3279).
119
120=item B<-genkey>
121
122This option will generate an EC private key using the specified parameters.
123
124{- $OpenSSL::safe::opt_engine_item -}
125
126{- $OpenSSL::safe::opt_r_item -}
127
128{- $OpenSSL::safe::opt_provider_item -}
129
130=back
131
132The L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> commands are capable
133of performing all the operations this command can, as well as supporting
134other public key types.
135
136=head1 EXAMPLES
137
138The documentation for the L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>
139commands contains examples equivalent to the ones listed here.
140
141To create EC parameters with the group 'prime192v1':
142
143  openssl ecparam -out ec_param.pem -name prime192v1
144
145To create EC parameters with explicit parameters:
146
147  openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
148
149To validate given EC parameters:
150
151  openssl ecparam -in ec_param.pem -check
152
153To create EC parameters and a private key:
154
155  openssl ecparam -out ec_key.pem -name prime192v1 -genkey
156
157To change the point encoding to 'compressed':
158
159  openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
160
161To print out the EC parameters to standard output:
162
163  openssl ecparam -in ec_param.pem -noout -text
164
165=head1 SEE ALSO
166
167L<openssl(1)>,
168L<openssl-pkeyparam(1)>,
169L<openssl-genpkey(1)>,
170L<openssl-ec(1)>,
171L<openssl-dsaparam(1)>
172
173=head1 HISTORY
174
175The B<-engine> option was deprecated in OpenSSL 3.0.
176
177The B<-C> option was removed in OpenSSL 3.0.
178
179=head1 COPYRIGHT
180
181Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
182
183Licensed under the Apache License 2.0 (the "License").  You may not use
184this file except in compliance with the License.  You can obtain a copy
185in the file LICENSE in the source distribution or at
186L<https://www.openssl.org/source/license.html>.
187
188=cut
189