dsaparam(1)
NAME
dsaparam - DSA parameter manipulation and generation
SYNOPSIS
openssl dsaparam [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-noout] [-text] [-C] [-rand file(s)] [-genkey] [-engine id] [numbits]
DESCRIPTION
This command is used to manipulate or generate DSA parameter files.
OPTIONS
- -inform DER|PEM
- This specifies the input format. The DER option uses an ASN1 DER
encoded form compatible with RFC2459 (PKIX) DSS-Parms that is a
SEQUENCE consisting of p, q and g respectively. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines. - -outform DER|PEM
- This specifies the output format, the options have the same meaning as the -inform option.
- -in filename
- This specifies the input filename to read parameters from or
standard input if this option is not specified. If the numbits parameter is included then this option will be ignored. - -out filename
- This specifies the output filename parameters to. Standard output
is used if this option is not present. The output filename should
not be the same as the input filename. - -noout
- this option inhibits the output of the encoded version of the
parameters. - -text
- this option prints out the DSA parameters in human readable form.
- -C this option converts the parameters into C code. The parameters can
- then be loaded by calling the ggeett__ddssaaXXXXXX(()) function.
- -genkey
- this option will generate a DSA either using the specified or
generated parameters. - -rand file(s)
- a file or files containing random data used to seed the random
number generator, or an EGD socket (see RAND_egd(3)). Multiple files can be specified separated by a OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others. - numbits
- this option specifies that a parameter set should be generated of
size numbits. It must be the last option. If this option is included then the input file (if any) is ignored. - -engine id
- specifying an engine (by it's unique id string) will cause req to
attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default for all available algorithms.
NOTES
- PEM format DSA parameters use the header and footer lines:
- -----BEGIN DSA PARAMETERS---------END DSA PARAMETERS----
- DSA parameter generation is a slow process and as a result the same set of DSA parameters is often used to generate several distinct keys.