5
ecparam - EC parameter manipulation and generation
29
This command is used to manipulate or generate EC parameter files.
35
=item B<-inform DER|PEM>
37
This specifies the input format. The B<DER> option uses an ASN.1 DER encoded
38
form compatible with RFC 3279 EcpkParameters. The PEM form is the default
39
format: it consists of the B<DER> format base64 encoded with additional
40
header and footer lines.
42
=item B<-outform DER|PEM>
44
This specifies the output format, the options have the same meaning as the
49
This specifies the input filename to read parameters from or standard input if
50
this option is not specified.
52
=item B<-out filename>
54
This specifies the output filename parameters to. Standard output is used
55
if this option is not present. The output filename should B<not> be the same
56
as the input filename.
60
This option inhibits the output of the encoded version of the parameters.
64
This option prints out the EC parameters in human readable form.
68
This option converts the EC parameters into C code. The parameters can then
69
be loaded by calling the B<get_ec_group_XXX()> function.
73
Validate the elliptic curve parameters.
77
Use the EC parameters with the specified 'short' name. Use B<-list_curves>
78
to get a list of all currently implemented EC parameters.
82
If this options is specified B<ecparam> will print out a list of all
83
currently implemented EC parameters names and exit.
87
This specifies how the points on the elliptic curve are converted
88
into octet strings. Possible values are: B<compressed> (the default
89
value), B<uncompressed> and B<hybrid>. For more information regarding
90
the point conversion forms please read the X9.62 standard.
91
B<Note> Due to patent issues the B<compressed> option is disabled
92
by default for binary curves and can be enabled by defining
93
the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
95
=item B<-param_enc arg>
97
This specifies how the elliptic curve parameters are encoded.
98
Possible value are: B<named_curve>, i.e. the ec parameters are
99
specified by a OID, or B<explicit> where the ec parameters are
100
explicitly given (see RFC 3279 for the definition of the
101
EC parameters structures). The default value is B<named_curve>.
102
B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
103
is currently not implemented in OpenSSL.
107
This option inhibits that the 'seed' for the parameter generation
108
is included in the ECParameters structure (see RFC 3279).
112
This option will generate a EC private key using the specified parameters.
114
=item B<-rand file(s)>
116
a file or files containing random data used to seed the random number
117
generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
118
Multiple files can be specified separated by a OS-dependent character.
119
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
124
specifying an engine (by it's unique B<id> string) will cause B<req>
125
to attempt to obtain a functional reference to the specified engine,
126
thus initialising it if needed. The engine will then be set as the default
127
for all available algorithms.
133
PEM format EC parameters use the header and footer lines:
135
-----BEGIN EC PARAMETERS-----
136
-----END EC PARAMETERS-----
138
OpenSSL is currently not able to generate new groups and therefore
139
B<ecparam> can only create EC parameters from known (named) curves.
143
To create EC parameters with the group 'prime192v1':
145
openssl ecparam -out ec_param.pem -name prime192v1
147
To create EC parameters with explicit parameters:
149
openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
151
To validate given EC parameters:
153
openssl ecparam -in ec_param.pem -check
155
To create EC parameters and a private key:
157
openssl ecparam -out ec_key.pem -name prime192v1 -genkey
159
To change the point encoding to 'compressed':
161
openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
163
To print out the EC parameters to standard output:
165
openssl ecparam -in ec_param.pem -noout -text
169
L<ec(1)|ec(1)>, L<dsaparam(1)|dsaparam(1)>
173
The ecparam command was first introduced in OpenSSL 0.9.8.
177
Nils Larsch for the OpenSSL project (http://www.openssl.org)