author | Pauli <paul.dale@oracle.com> | 2020-02-18 11:36:08 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-02-21 22:55:13 +1000 |
commit | 92fee4213b80e3980f07260e5816e99b9e146e08 (patch) | |
tree | 4a5e15ceb33fdaada9f2875184303cc2d8641d81 /doc/man1 | |
parent | 35eb4588710dc900f53301f87e3a27782b443f76 (diff) |
pkey: additional EC related options
Add options to change the parameter encoding and point conversions for EC
public and private keys. These options are present in the deprecated 'ec'
utility.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11113)
Diffstat (limited to 'doc/man1')
-rw-r--r-- | doc/man1/openssl-pkey.pod.in | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/doc/man1/openssl-pkey.pod.in b/doc/man1/openssl-pkey.pod.in index c85fc12327..31bf005f74 100644 --- a/doc/man1/openssl-pkey.pod.in +++ b/doc/man1/openssl-pkey.pod.in @@ -28,6 +28,8 @@ B<openssl> B<pkey> [B<-pubout>] [B<-check>] [B<-pubcheck>] +[B<-ec_conv_form> I<arg>] +[B<-ec_param_enc> I<arg>] {- $OpenSSL::safe::opt_engine_synopsis -} =for openssl ifdef engine @@ -114,6 +116,30 @@ components. This option checks the correctness of either a public key or the public component of a key pair. +=item B<-ec_conv_form> I<arg> + +This option only applies to elliptic curve based public and private keys. + +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: B<compressed> (the default +value), B<uncompressed> and B<hybrid>. For more information regarding +the point conversion forms please read the X9.62 standard. +B<Note> Due to patent issues the B<compressed> option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time. + +=item B<-ec_param_enc> I<arg> + +This option only applies to elliptic curve based public and private keys. + +This specifies how the elliptic curve parameters are encoded. +Possible value are: B<named_curve>, i.e. the ec parameters are +specified by an OID, or B<explicit> where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is B<named_curve>. +B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279, +is currently not implemented in OpenSSL. + {- $OpenSSL::safe::opt_engine_item -} =back 
@@ -144,6 +170,14 @@ To just output the public part of a private key: openssl pkey -in key.pem -pubout -out pubkey.pem +To change the EC parameters encoding to B<explicit>: + + openssl pkey -in key.pem -ec_param_enc explicit -out keyout.pem + +To change the EC point conversion form to B<compressed>: + + openssl pkey -in key.pem -ec_conv_form compressed -out keyout.pem + =head1 SEE ALSO L<openssl(1)>, |
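Review bot: In the B<-ec_conv_form> item added by the options hunk (@@ -114,6 +116,30 @@), the text calls B<compressed> "the default value", but the Note in the same item says the compressed form is disabled by default for binary curves, and the new example in the EXAMPLES hunk shows changing the form "to compressed", which would be redundant if that were already the default. Please check the stated default against the code, and say what pkey does when the option is omitted (keeps the input key's form, or re-encodes it). Both new items say the option "only applies to elliptic curve based public and private keys" without saying whether passing it with a non-EC key is an error or is silently ignored; one sentence on that would close the gap. Nits: "Possible value are:" should read "Possible values are:", and each "B<Note>" reads better followed by a colon.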
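Review bot: In the EXAMPLES hunk (@@ -144,6 +170,14 @@), both new commands read the same generic key.pem as the earlier examples, while the option text restricts B<-ec_param_enc> and B<-ec_conv_form> to EC keys; the lead-in lines should say that key.pem must be an EC key here, or the examples should use a distinct input file name. Both commands also write out the private key. Since the option text describes the conversion form as how curve points are turned into octet strings, an example that combines B<-ec_conv_form> with B<-pubout> (already shown in the context line above) would be a useful addition.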