Manual Pages for UNIX Operating System command usage for man ec

OpenSSL                                              EC(1openssl)



NNNNAAAAMMMMEEEE
     ec - EC key processing

SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS
  ooppeennssssll eecc[-iinnffoorrmmPPEEMM||DDEERR][-oouuttffoorrmmPPEEMM||DDEERR][-iinn
     ffffiiiilllleeeennnnaaaammmmeeee] [---pppaaaassssssssiiiinnnn aaaarrrrgggg] [---ooouuuutttt ffffiiiilllleeeennnnaaaammmmeeee] [---pppaaaassssssssoooouuuutttt aaaarrrrgggg]
     [---dddeeeessss] [---dddeeeessss3333] [---iiiddddeeeeaaaa] [---ttteeeexxxxtttt] [---nnnoooooooouuuutttt] [---pppaaaarrrraaaammmm_oooouuuutttt]
     [---pppuuuubbbbiiiinnnn] [---pppuuuubbbboooouuuutttt] [---cccoooonnnnvvvv_ffffoooorrrrmmmm aaaarrrrgggg] [---pppaaaarrrraaaammmm_eeeennnncccc aaaarrrrgggg]
     [---eeennnnggggiiiinnnneeee iiiidddd]

DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
  Teeecc omn rcse Cky.Te a ecnetd
     between various forms and their components printed out. NNNNooootttteeee
     OpenSSL uses the private key format specified in 'SEC 1:
     Elliptic Curve Cryptography' (http://www.secg.org/). To
     convert a OpenSSL EC private key into the PKCS#8 private key
     format use the ppppkkkkccccssss8888 command.

CCCCOOOOMMMMMMMMAAAANNNNDDDD OOOOPPPPTTTTIIIIOOOONNNNSSSS
     -iiiinnnnffffoooorrrrmmmm DDDDEEEERRRR||||PPPPEEEEMMMM
         This specifies the input format. The DDDDEEEERRRR option with a
         private key uses an ASN.1 DER encoded SEC1 private key.
         When used with a public key it uses the
         SubjectPublicKeyInfo structur as specified in RFC 3280.
         The PPPPEEEEMMMM form is the default format: it consists of the
         DDDDEEEERRRR format base64 encoded with additional header and
         footer lines. In the case of a private key PKCS#8 format
         is also accepted.

     -oooouuuuttttffffoooorrrrmmmm DDDDEEEERRRR||||PPPPEEEEMMMM
         This specifies the output format, the options have the
         same meaning as the ---iiinnnnffffoooorrrrmmmm option.

     -iiiinnnn ffffiiiilllleeeennnnaaaammmmeeee
         This specifies the input filename to read a key from or
         standard input if this option is not specified. If the
         key is encrypted a pass phrase will be prompted for.

     -ppppaaaassssssssiiiinnnn aaaarrrrgggg
         the input file password source. For more information
         about the format of aaaarrrrgggg see the PPPPAAAASSSSSSSS PPPPHHHHRRRRAAAASSSSEEEE AAAARRRRGGGGUUUUMMMMEEEENNNNTTTTSSSS
         section in openssl(1).

     -oooouuuutttt ffffiiiilllleeeennnnaaaammmmeeee
         This specifies the output filename to write a key to or
         standard output by is not specified. If any encryption
         options are set then a pass phrase will be prompted for.
         The output filename should nnnnooootttt be the same as the input
         filename.

     -ppppaaaassssssssoooouuuutttt aaaarrrrgggg
         the output file password source. For more information



21/Jul/2003            Last change: 0.9.8o                      1






OpenSSL                                              EC(1openssl)



         about the format of aaaarrrrgggg see the PPPPAAAASSSSSSSS PPPPHHHHRRRRAAAASSSSEEEE AAAARRRRGGGGUUUUMMMMEEEENNNNTTTTSSSS
         section in openssl(1).

     -ddddeeeessss||||-ddddeeeessss3333||||-iiiiddddeeeeaaaa
         These options encrypt the private key with the DES,
         triple DES, IDEA or any other cipher supported by
         OpenSSL before outputting it. A pass phrase is prompted
         for.  If none of these options is specified the key is
    witni li et hsmasta sn h eecc
         utility to read in an encrypted key with no encryption
         option can be used to remove the pass phrase from a key,
         or by setting the encryption options it can be use to
         add or change the pass phrase.  These options can only
         be used with PEM format output files.

     -tttteeeexxxxtttt
         prints out the public, private key components and
         parameters.

     -nnnnoooooooouuuutttt
         this option prevents output of the encoded version of
         the key.

     -mmmmoooodddduuuulllluuuussss
         this option prints out the value of the public key
         component of the key.

     -ppppuuuubbbbiiiinnnn
         by default a private key is read from the input file:
         with this option a public key is read instead.

     -ppppuuuubbbboooouuuutttt
         by default a private key is output. With this option a
         public key will be output instead. This option is
         automatically set if the input is a public key.

     -ccccoooonnnnvvvv_ffffoooorrrrmmmm
         This specifies how the points on the elliptic curve are
         converted into octet strings. Possible values are:
         ccccoooommmmpppprrrreeeesssssssseeeedddd (the default value), uuuunnnnccccoooommmmpppprrrreeeesssssssseeeedddd and hhhhyyyybbbbrrrriiiidddd.
         For more information regarding the point conversion
         forms please read the X9.62 standard.  NNNNooootttteeee Due to
         patent issues the ccccoooommmmpppprrrreeeesssssssseeeedddd option is disabled by
         default for binary curves and can be enabled by defining
         the preprocessor macro OOOOPPPPEEEENNNNSSSSSSSSLLLL_EEEECCCC_BBBBIIIINNNN_PPPPTTTT_CCCCOOOOMMMMPPPP at compile
         time.

     -ppppaaaarrrraaaammmm_eeeennnncccc aaaarrrrgggg
         This specifies how the elliptic curve parameters are
         encoded.  Possible value are: nnnnaaaammmmeeeedddd_ccccuuuurrrrvvvveeee, i.e. the ec
         parameters are specified by a OID, or eeeexxxxpppplllliiiicccciiiitttt where the
         ec parameters are explicitly given (see RFC 3279 for the



21/Jul/2003            Last change: 0.9.8o                      2






OpenSSL                                              EC(1openssl)



         definition of the EC parameters structures). The default
         value is nnnnaaaammmmeeeedddd_ccccuuuurrrrvvvveeee.  NNNNooootttteeee the iiiimmmmpppplllliiiicccciiiittttllllyyyyCCCCAAAA alternative
         ,as specified in RFC 3279, is currently not implemented
         in OpenSSL.

     -eeeennnnggggiiiinnnneeee iiiidddd
         specifying an engine (by it's unique iiiidddd string) will
         cause rrrreeeeqqqq to attempt to obtain a functional reference to
         the specified engine, thus initialising it if needed.
         The engine will then be set as the default for all
         available algorithms.

NNNNOOOOTTTTEEEESSSS
     The PEM private key format uses the header and footer lines:

      -----BEGIN EC PRIVATE KEY-----
      -----END EC PRIVATE KEY-----

     The PEM public key format uses the header and footer lines:

      -----BEGIN PUBLIC KEY-----
      -----END PUBLIC KEY-----


EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
     To encrypt a private key using triple DES:

      openssl ec -in key.pem -des3 -out keyout.pem

     To convert a private key from PEM to DER format:

      openssl ec -in key.pem -outform DER -out keyout.der

     To print out the components of a private key to standard
     output:

      openssl ec -in key.pem -text -noout

     To just output the public part of a private key:

      openssl ec -in key.pem -pubout -out pubkey.pem

     To change the parameters encoding to eeeexxxxpppplllliiiicccciiiitttt:

      openssl ec -in key.pem -param_enc explicit -out keyout.pem

     To change the point conversion form to ccccoooommmmpppprrrreeeesssssssseeeedddd:

      openssl ec -in key.pem -conv_form compressed -out keyout.pem






21/Jul/2003            Last change: 0.9.8o                      3






OpenSSL                                              EC(1openssl)



SSSSEEEEEEEE AAAALLLLSSSSOOOO
     ecparam(1), dsa(1), rsa(1)

HHHHIIIISSSSTTTTOOOORRRRYYYY
     The ec command was first introduced in OpenSSL 0.9.8.

AAAAUUUUTTTTHHHHOOOORRRR
     Nils Larsch for the OpenSSL project
     (http://www.openssl.org).














































21/Jul/2003            Last change: 0.9.8o                      4