OPENSSL-ECPARAM(1ossl)              OpenSSL             OPENSSL-ECPARAM(1ossl)

NAME

       openssl-ecparam - EC parameter manipulation and generation

SYNOPSIS

       openssl ecparam [-help] [-inform DER|PEM] [-outform DER|PEM] [-in
       filename] [-out filename] [-noout] [-text] [-check] [-check_named]
       [-name arg] [-list_curves] [-conv_form arg] [-param_enc arg] [-no_seed]
       [-genkey] [-engine id] [-rand files] [-writerand file] [-provider name]
       [-provider-path path] [-propquery propq]

DESCRIPTION

       This command is used to manipulate or generate EC parameter files.

       OpenSSL is currently not able to generate new groups and therefore this
       command can only create EC parameters from known (named) curves.

OPTIONS

       -help
           Print out a usage message.

       -inform DER|PEM
           The EC parameters input format; unspecified by default.  See
           openssl-format-options(1) for details.

       -outform DER|PEM
           The EC parameters output format; the default is PEM.  See
           openssl-format-options(1) for details.

           Parameters are encoded as EcpkParameters as specified in IETF RFC
           3279.

       -in filename
           This specifies the input filename to read parameters from or
           standard input if this option is not specified.

       -out filename
           This specifies the output filename to write parameters to.
           Standard output is used if this option is not present. The output
           filename should not be the same as the input filename.

       -noout
           This option inhibits the output of the encoded version of the
           parameters.

       -text
           This option prints out the EC parameters in human readable form.

       -check
           Validate the elliptic curve parameters.

       -check_named
           Validate the named elliptic curve parameters by checking if the
           curve parameters match any built-in curves.

       -name arg
           Use the EC parameters with the specified 'short' name. Use
           -list_curves to get a list of all currently implemented EC
           parameters.

       -list_curves
           Print out a list of all currently implemented EC parameter names
           and exit.

       -conv_form arg
           This specifies how the points on the elliptic curve are converted
           into octet strings. Possible values are: compressed, uncompressed
           (the default value) and hybrid. For more information regarding the
           point conversion forms please read the X9.62 standard.  Note: due
           to patent issues the compressed option is disabled by default for
           binary curves and can be enabled by defining the preprocessor macro
           OPENSSL_EC_BIN_PT_COMP at compile time.

       -param_enc arg
           This specifies how the elliptic curve parameters are encoded.
           Possible values are: named_curve, i.e. the EC parameters are
           specified by an OID, or explicit, where the EC parameters are
           explicitly given (see RFC 3279 for the definition of the EC
           parameters structures). The default value is named_curve.  Note:
           the implicitlyCA alternative, as specified in RFC 3279, is
           currently not implemented in OpenSSL.

       -no_seed
           This option prevents the 'seed' for the parameter generation from
           being included in the ECParameters structure (see RFC 3279).

       -genkey
           This option will generate an EC private key using the specified
           parameters.

       -engine id
           See "Engine Options" in openssl(1).  This option is deprecated.

       -rand files, -writerand file
           See "Random State Options" in openssl(1) for details.

       -provider name
       -provider-path path
       -propquery propq
           See "Provider Options" in openssl(1), provider(7), and property(7).

       The openssl-genpkey(1) and openssl-pkeyparam(1) commands are capable of
       performing all the operations this command can, as well as supporting
       other public key types.

EXAMPLES

       The documentation for the openssl-genpkey(1) and openssl-pkeyparam(1)
       commands contains examples equivalent to the ones listed here.

       To create EC parameters with the group 'prime192v1':

         openssl ecparam -out ec_param.pem -name prime192v1

       To create EC parameters with explicit parameters:

         openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit

       To validate given EC parameters:

         openssl ecparam -in ec_param.pem -check

       To create EC parameters and a private key:

         openssl ecparam -out ec_key.pem -name prime192v1 -genkey

       To change the point encoding to 'compressed':

         openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed

       To print out the EC parameters to standard output:

         openssl ecparam -in ec_param.pem -noout -text
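
       An added example, not part of the OpenSSL documentation: a shell gate
       that reports which -param_enc form a parameters file uses and accepts
       the file only if it is named_curve encoded and passes -check. The
       function names, the script name and the accept-only-named_curve policy
       are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the OpenSSL documentation.
# Assumed policy: accept only named_curve-encoded EC parameters that also
# pass `openssl ecparam -check`. Usage: sh check_ec_params.sh FILE...
# (check_ec_params.sh is a hypothetical script name.)

# Print the -param_enc form used by an "EC PARAMETERS" PEM file.
# EcpkParameters (RFC 3279) is a CHOICE: an OBJECT IDENTIFIER for a named
# curve, or a SEQUENCE for explicit parameters, so the top-level ASN.1 tag
# reported by asn1parse is enough to tell them apart.
ec_param_encoding() {
    grep -q -- '-----BEGIN EC PARAMETERS-----' "$1" 2>/dev/null ||
        { echo unknown; return 2; }
    first=$(openssl asn1parse -in "$1" 2>/dev/null | sed -n '1p')
    case "$first" in
        *"prim: OBJECT"*)   echo named_curve ;;
        *"cons: SEQUENCE"*) echo explicit ;;
        *)                  echo unknown; return 2 ;;
    esac
}

# Return 0 only for parameters that are named_curve encoded and valid.
accept_ec_params() {
    enc=$(ec_param_encoding "$1") || {
        echo "reject: $1: no EC parameters found" >&2
        return 1
    }
    if [ "$enc" != named_curve ]; then
        echo "reject: $1: $enc encoding" >&2
        return 1
    fi
    openssl ecparam -in "$1" -noout -check >/dev/null 2>&1 || {
        echo "reject: $1: -check failed" >&2
        return 1
    }
    echo "accept: $1"
}

# Check every file named on the command line; exit non-zero if any fails.
status=0
for f in "$@"; do
    accept_ec_params "$f" || status=1
done
[ "$#" -eq 0 ] || exit "$status"
```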

SEE ALSO

       openssl(1), openssl-pkeyparam(1), openssl-genpkey(1), openssl-ec(1),
       openssl-dsaparam(1)

HISTORY

       The -engine option was deprecated in OpenSSL 3.0.

       The -C option was removed in OpenSSL 3.0.

COPYRIGHT

       Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.

3.1.1                             2023-08-31            OPENSSL-ECPARAM(1ossl)