OpenSSL ECPARAM(1openssl) NNNNAAAAMMMMEEEE
ecparam - EC parameter manipulation and generation
SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSSooooppppeeeennnnssssssssllll eeeeccccppppaaaarrrraaaammmm [---iiinnnnffffoooorrrrmmmm DDDDEEEERRRR||||PPPPEEEEMMMM] [---ooouuuuttttffffoooorrrrmmmm DDDDEEEERRRR||||PPPPEEEEMMMM] [---iiinnnn
ffffiiiilllleeeennnnaaaammmmeeee] [---ooouuuutttt ffffiiiilllleeeennnnaaaammmmeeee] [---nnnoooooooouuuutttt] [---ttteeeexxxxtttt] [---CCC] [---ccchhhheeeecccckkkk]
[---nnnaaaammmmeeee aaaarrrrgggg] [---llliiiisssstttt_ccccuuuurrrrvvvveeee] [---cccoooonnnnvvvv_ffffoooorrrrmmmm aaaarrrrgggg] [---pppaaaarrrraaaammmm_eeeennnncccc aaaarrrrgggg]
[---nnnoooo_sssseeeeeeeedddd] [---rrraaaannnndddd ffffiiiilllleeee((((ssss))))] [---gggeeeennnnkkkkeeeeyyyy] [---eeennnnggggiiiinnnneeee iiiidddd]
DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN This command is used to manipulate or generate EC parameter files. OOOOPPPPTTTTIIIIOOOONNNNSSSS-iiiinnnnffffoooorrrrmmmm DDDDEEEERRRR||||PPPPEEEEMMMM
This specifies the input format. The DDDDEEEERRRR option uses an ASN.1 DER encoded form compatible with RFC 3279 EcpkParameters. The PEM form is the default format: it consists of the DDDDEEEERRRR format base64 encoded with additional header and footer lines.-oooouuuuttttffffoooorrrrmmmm DDDDEEEERRRR||||PPPPEEEEMMMM
This specifies the output format, the options have thesame meaning as the ---iiinnnnffffoooorrrrmmmm option.
-iiiinnnn ffffiiiilllleeeennnnaaaammmmeeee
This specifies the input filename to read parameters from or standard input if this option is not specified.-oooouuuutttt ffffiiiilllleeeennnnaaaammmmeeee
This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should nnnnooootttt be the same as the input filename.-nnnnoooooooouuuutttt
This option inhibits the output of the encoded version of the parameters.-tttteeeexxxxtttt
This option prints out the EC parameters in human readable form.-CCCC This option converts the EC parameters into C code. The
parameters can then be loaded by calling theggggeeeetttt_eeeecccc_ggggrrrroooouuuupppp_XXXXXXXXXXXX(((()))) function.
-cccchhhheeeecccckkkk
Validate the elliptic curve parameters.-nnnnaaaammmmeeee aaaarrrrgggg
Use the EC parameters with the specified 'short' name.16/Dec/2004 Last change: 0.9.8o 1 OpenSSL ECPARAM(1openssl)
Use ---llliiiisssstttt_ccccuuuurrrrvvvveeeessss to get a list of all currently
implemented EC parameters.-lllliiiisssstttt_ccccuuuurrrrvvvveeeessss
If this options is specified eeeeccccppppaaaarrrraaaammmm will print out a list of all currently implemented EC parameters names and exit.-ccccoooonnnnvvvv_ffffoooorrrrmmmm
This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: ccccoooommmmpppprrrreeeesssssssseeeedddd (the default value), uuuunnnnccccoooommmmpppprrrreeeesssssssseeeedddd and hhhhyyyybbbbrrrriiiidddd. For more information regarding the point conversion forms please read the X9.62 standard. NNNNooootttteeee Due to patent issues the ccccoooommmmpppprrrreeeesssssssseeeedddd option is disabled by default for binary curves and can be enabled by definingthe preprocessor macro OOOOPPPPEEEENNNNSSSSSSSSLLLL_EEEECCCC_BBBBIIIINNNN_PPPPTTTT_CCCCOOOOMMMMPPPP at compile
time.-ppppaaaarrrraaaammmm_eeeennnncccc aaaarrrrgggg
This specifies how the elliptic curve parameters areencoded. Possible value are: nnnnaaaammmmeeeedddd_ccccuuuurrrrvvvveeee, i.e. the ec
parameters are specified by a OID, or eeeexxxxpppplllliiiicccciiiitttt where the ec parameters are explicitly given (see RFC 3279 for the definition of the EC parameters structures). The defaultvalue is nnnnaaaammmmeeeedddd_ccccuuuurrrrvvvveeee. NNNNooootttteeee the iiiimmmmpppplllliiiicccciiiittttllllyyyyCCCCAAAA alternative
,as specified in RFC 3279, is currently not implemented in OpenSSL.-nnnnoooo_sssseeeeeeeedddd
This option inhibits that the 'seed' for the parameter generation is included in the ECParameters structure (see RFC 3279).-ggggeeeennnnkkkkeeeeyyyy
This option will generate a EC private key using the specified parameters.-rrrraaaannnndddd ffffiiiilllleeee((((ssss))))
a file or files containing random data used to seed the random number generator, or an EGD socket (seeRAND_egd(3)). Multiple files can be specified separated
by a OS-dependent character. The separator is ;;;; for
MS-Windows, ,,,, for OpenVMS, and :::: for all others.
-eeeennnnggggiiiinnnneeee iiiidddd
specifying an engine (by it's unique iiiidddd string) will cause rrrreeeeqqqq to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.16/Dec/2004 Last change: 0.9.8o 2 OpenSSL ECPARAM(1openssl) NNNNOOOOTTTTEEEESSSS PEM format EC parameters use the header and footer lines:
-----BEGIN EC PARAMETERS-----
-----END EC PARAMETERS-----
OpenSSL is currently not able to generate new groups and therefore eeeeccccppppaaaarrrraaaammmm can only create EC parameters from known (named) curves. EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS To create EC parameters with the group 'prime192v1':openssl ecparam -out ec_param.pem -name prime192v1
To create EC parameters with explicit parameters:openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
To validate given EC parameters:openssl ecparam -in ec_param.pem -check
To create EC parameters and a private key:openssl ecparam -out ec_key.pem -name prime192v1 -genkey
To change the point encoding to 'compressed':openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
To print out the EC parameters to standard output:openssl ecparam -in ec_param.pem -noout -text
SSSSEEEEEEEE AAAALLLLSSSSOOOO ec(1), dsaparam(1) HHHHIIIISSSSTTTTOOOORRRRYYYYThe ecparam command was first introduced in OpenSSL 0.9.8.
AAAAUUUUTTTTHHHHOOOORRRR Nils Larsch for the OpenSSL project (http://www.openssl.org)16/Dec/2004 Last change: 0.9.8o 3 OpenSSL ECPARAM(1openssl)
16/Dec/2004 Last change: 0.9.8o 4