1DSA(1) OpenSSL DSA(1)
2
3
4
6 dsa - DSA key processing
7
9 openssl dsa [-inform PEM|DER] [-outform PEM|DER] [-in filename]
10 [-passin arg] [-out filename] [-passout arg] [-des] [-des3] [-idea]
11 [-text] [-noout] [-modulus] [-pubin] [-pubout] [-engine id]
12
14 The dsa command processes DSA keys. They can be converted between
15 various forms and their components printed out. Note This command uses
16 the traditional SSLeay compatible format for private key encryption:
17 newer applications should use the more secure PKCS#8 format using the
18 pkcs8
19
21 -inform DER|PEM
22 This specifies the input format. The DER option with a private key
23 uses an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of
24 the values of version (currently zero), p, q, g, the public and
25 private key components respectively as ASN.1 INTEGERs. When used
26 with a public key it uses a SubjectPublicKeyInfo structure: it is
27 an error if the key is not DSA.
28
29 The PEM form is the default format: it consists of the DER format
30 base64 encoded with additional header and footer lines. In the case
31 of a private key PKCS#8 format is also accepted.
32
33 -outform DER|PEM
34 This specifies the output format, the options have the same meaning
35 as the -inform option.
36
37 -in filename
38 This specifies the input filename to read a key from or standard
39 input if this option is not specified. If the key is encrypted a
40 pass phrase will be prompted for.
41
42 -passin arg
43 the input file password source. For more information about the
44 format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).
45
46 -out filename
47 This specifies the output filename to write a key to or standard
48 output by is not specified. If any encryption options are set then
49 a pass phrase will be prompted for. The output filename should not
50 be the same as the input filename.
51
52 -passout arg
53 the output file password source. For more information about the
54 format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).
55
56 -des|-des3|-idea
57 These options encrypt the private key with the DES, triple DES, or
58 the IDEA ciphers respectively before outputting it. A pass phrase
59 is prompted for. If none of these options is specified the key is
60 written in plain text. This means that using the dsa utility to
61 read in an encrypted key with no encryption option can be used to
62 remove the pass phrase from a key, or by setting the encryption
63 options it can be use to add or change the pass phrase. These
64 options can only be used with PEM format output files.
65
66 -text
67 prints out the public, private key components and parameters.
68
69 -noout
70 this option prevents output of the encoded version of the key.
71
72 -modulus
73 this option prints out the value of the public key component of the
74 key.
75
76 -pubin
77 by default a private key is read from the input file: with this
78 option a public key is read instead.
79
80 -pubout
81 by default a private key is output. With this option a public key
82 will be output instead. This option is automatically set if the
83 input is a public key.
84
85 -engine id
86 specifying an engine (by its unique id string) will cause dsa to
87 attempt to obtain a functional reference to the specified engine,
88 thus initialising it if needed. The engine will then be set as the
89 default for all available algorithms.
90
92 The PEM private key format uses the header and footer lines:
93
94 -----BEGIN DSA PRIVATE KEY-----
95 -----END DSA PRIVATE KEY-----
96
97 The PEM public key format uses the header and footer lines:
98
99 -----BEGIN PUBLIC KEY-----
100 -----END PUBLIC KEY-----
101
103 To remove the pass phrase on a DSA private key:
104
105 openssl dsa -in key.pem -out keyout.pem
106
107 To encrypt a private key using triple DES:
108
109 openssl dsa -in key.pem -des3 -out keyout.pem
110
111 To convert a private key from PEM to DER format:
112
113 openssl dsa -in key.pem -outform DER -out keyout.der
114
115 To print out the components of a private key to standard output:
116
117 openssl dsa -in key.pem -text -noout
118
119 To just output the public part of a private key:
120
121 openssl dsa -in key.pem -pubout -out pubkey.pem
122
124 dsaparam(1), gendsa(1), rsa(1), genrsa(1)
125
126
127
1281.0.0e 2009-04-10 DSA(1)