OLD | NEW |
(Empty) | |
| 1 =pod |
| 2 |
| 3 =head1 NAME |
| 4 |
| 5 genpkey - generate a private key |
| 6 |
| 7 =head1 SYNOPSIS |
| 8 |
| 9 B<openssl> B<genpkey> |
| 10 [B<-out filename>] |
| 11 [B<-outform PEM|DER>] |
| 12 [B<-pass arg>] |
| 13 [B<-cipher>] |
| 14 [B<-engine id>] |
| 15 [B<-paramfile file>] |
| 16 [B<-algorithm alg>] |
| 17 [B<-pkeyopt opt:value>] |
| 18 [B<-genparam>] |
| 19 [B<-text>] |
| 20 |
| 21 =head1 DESCRIPTION |
| 22 |
| 23 The B<genpkey> command generates a private key. |
| 24 |
| 25 =head1 OPTIONS |
| 26 |
| 27 =over 4 |
| 28 |
| 29 =item B<-out filename> |
| 30 |
| 31 the output filename. If this argument is not specified then standard output is |
| 32 used. |
| 33 |
| 34 =item B<-outform DER|PEM> |
| 35 |
| 36 This specifies the output format DER or PEM. |
| 37 |
| 38 =item B<-pass arg> |
| 39 |
| 40 the output file password source. For more information about the format of B<arg> |
| 41 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. |
| 42 |
| 43 =item B<-cipher> |
| 44 |
| 45 This option encrypts the private key with the supplied cipher. Any algorithm |
| 46 name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>. |
| 47 |
| 48 =item B<-engine id> |
| 49 |
| 50 specifying an engine (by its unique B<id> string) will cause B<genpkey> |
| 51 to attempt to obtain a functional reference to the specified engine, |
| 52 thus initialising it if needed. The engine will then be set as the default |
| 53 for all available algorithms. If used this option should precede all other |
| 54 options. |
| 55 |
| 56 =item B<-algorithm alg> |
| 57 |
| 58 public key algorithm to use such as RSA, DSA or DH. If used this option must |
| 59 precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm> |
| 60 are mutually exclusive. |
| 61 |
| 62 =item B<-pkeyopt opt:value> |
| 63 |
| 64 set the public key algorithm option B<opt> to B<value>. The precise set of |
| 65 options supported depends on the public key algorithm used and its |
| 66 implementation. See B<KEY GENERATION OPTIONS> below for more details. |
| 67 |
| 68 =item B<-genparam> |
| 69 |
| 70 generate a set of parameters instead of a private key. If used this option must |
| 71 precede and B<-algorithm>, B<-paramfile> or B<-pkeyopt> options. |
| 72 |
| 73 =item B<-paramfile filename> |
| 74 |
| 75 Some public key algorithms generate a private key based on a set of parameters. |
| 76 They can be supplied using this option. If this option is used the public key |
| 77 algorithm used is determined by the parameters. If used this option must |
| 78 precede and B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm> |
| 79 are mutually exclusive. |
| 80 |
| 81 =item B<-text> |
| 82 |
| 83 Print an (unencrypted) text representation of private and public keys and |
| 84 parameters along with the PEM or DER structure. |
| 85 |
| 86 =back |
| 87 |
| 88 =head1 KEY GENERATION OPTIONS |
| 89 |
| 90 The options supported by each algorith and indeed each implementation of an |
| 91 algorithm can vary. The options for the OpenSSL implementations are detailed |
| 92 below. |
| 93 |
| 94 =head1 RSA KEY GENERATION OPTIONS |
| 95 |
| 96 =over 4 |
| 97 |
| 98 =item B<rsa_keygen_bits:numbits> |
| 99 |
| 100 The number of bits in the generated key. If not specified 1024 is used. |
| 101 |
| 102 =item B<rsa_keygen_pubexp:value> |
| 103 |
| 104 The RSA public exponent value. This can be a large decimal or |
| 105 hexadecimal value if preceded by B<0x>. Default value is 65537. |
| 106 |
| 107 =back |
| 108 |
| 109 =head1 DSA PARAMETER GENERATION OPTIONS |
| 110 |
| 111 =over 4 |
| 112 |
| 113 =item B<dsa_paramgen_bits:numbits> |
| 114 |
| 115 The number of bits in the generated parameters. If not specified 1024 is used. |
| 116 |
| 117 =head1 DH PARAMETER GENERATION OPTIONS |
| 118 |
| 119 =over 4 |
| 120 |
| 121 =item B<dh_paramgen_prime_len:numbits> |
| 122 |
| 123 The number of bits in the prime parameter B<p>. |
| 124 |
| 125 =item B<dh_paramgen_generator:value> |
| 126 |
| 127 The value to use for the generator B<g>. |
| 128 |
| 129 =back |
| 130 |
| 131 =head1 EC PARAMETER GENERATION OPTIONS |
| 132 |
| 133 =over 4 |
| 134 |
| 135 =item B<ec_paramgen_curve:curve> |
| 136 |
| 137 the EC curve to use. |
| 138 |
| 139 =back |
| 140 |
| 141 =head1 GOST2001 KEY GENERATION AND PARAMETER OPTIONS |
| 142 |
| 143 Gost 2001 support is not enabled by default. To enable this algorithm, |
| 144 one should load the ccgost engine in the OpenSSL configuration file. |
| 145 See README.gost file in the engines/ccgost directiry of the source |
| 146 distribution for more details. |
| 147 |
| 148 Use of a parameter file for the GOST R 34.10 algorithm is optional. |
| 149 Parameters can be specified during key generation directly as well as |
| 150 during generation of parameter file. |
| 151 |
| 152 =over 4 |
| 153 |
| 154 =item B<paramset:name> |
| 155 |
| 156 Specifies GOST R 34.10-2001 parameter set according to RFC 4357. |
| 157 Parameter set can be specified using abbreviated name, object short name or |
| 158 numeric OID. Following parameter sets are supported: |
| 159 |
| 160 paramset OID Usage |
| 161 A 1.2.643.2.2.35.1 Signature |
| 162 B 1.2.643.2.2.35.2 Signature |
| 163 C 1.2.643.2.2.35.3 Signature |
| 164 XA 1.2.643.2.2.36.0 Key exchange |
| 165 XB 1.2.643.2.2.36.1 Key exchange |
| 166 test 1.2.643.2.2.35.0 Test purposes |
| 167 |
| 168 =back |
| 169 |
| 170 |
| 171 |
| 172 =head1 NOTES |
| 173 |
| 174 The use of the genpkey program is encouraged over the algorithm specific |
| 175 utilities because additional algorithm options and ENGINE provided algorithms |
| 176 can be used. |
| 177 |
| 178 =head1 EXAMPLES |
| 179 |
| 180 Generate an RSA private key using default parameters: |
| 181 |
| 182 openssl genpkey -algorithm RSA -out key.pem |
| 183 |
| 184 Encrypt output private key using 128 bit AES and the passphrase "hello": |
| 185 |
| 186 openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello |
| 187 |
| 188 Generate a 2048 bit RSA key using 3 as the public exponent: |
| 189 |
| 190 openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \ |
| 191 -pkeyopt rsa_keygen_pubexp:3 |
| 192 |
| 193 Generate 1024 bit DSA parameters: |
| 194 |
| 195 openssl genpkey -genparam -algorithm DSA -out dsap.pem \ |
| 196 -pkeyopt dsa_paramgen_bits:1024 |
| 197 |
| 198 Generate DSA key from parameters: |
| 199 |
| 200 openssl genpkey -paramfile dsap.pem -out dsakey.pem |
| 201 |
| 202 Generate 1024 bit DH parameters: |
| 203 |
| 204 openssl genpkey -genparam -algorithm DH -out dhp.pem \ |
| 205 -pkeyopt dh_paramgen_prime_len:1024 |
| 206 |
| 207 Generate DH key from parameters: |
| 208 |
| 209 openssl genpkey -paramfile dhp.pem -out dhkey.pem |
| 210 |
| 211 |
| 212 =cut |
| 213 |
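Review bot: the "=over 4" opened under DSA PARAMETER GENERATION OPTIONS (new line 111) is never closed. "=head1 DH PARAMETER GENERATION OPTIONS" follows at line 117 with no "=back", so the list is left unterminated; add a "=back" after the dsa_paramgen_bits item. In the same file, "precede and" at lines 71 and 78 should read "precede any", "algorith" (line 90) and "directiry" (line 145) are misspelled, and the SYNOPSIS gives "-paramfile file" where OPTIONS gives "-paramfile filename". The -cipher entry should also say that the option is written as the cipher name itself, as the "-aes-128-cbc" example at line 186 does, because "[B<-cipher>]" in the SYNOPSIS reads as a literal flag.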
OLD | NEW |