1ebfedea0SLionel Sambuc=pod 2ebfedea0SLionel Sambuc 3ebfedea0SLionel Sambuc=head1 NAME 4ebfedea0SLionel Sambuc 5ebfedea0SLionel Sambucdsa - DSA key processing 6ebfedea0SLionel Sambuc 7ebfedea0SLionel Sambuc=head1 SYNOPSIS 8ebfedea0SLionel Sambuc 9ebfedea0SLionel SambucB<openssl> B<dsa> 10ebfedea0SLionel Sambuc[B<-inform PEM|DER>] 11ebfedea0SLionel Sambuc[B<-outform PEM|DER>] 12ebfedea0SLionel Sambuc[B<-in filename>] 13ebfedea0SLionel Sambuc[B<-passin arg>] 14ebfedea0SLionel Sambuc[B<-out filename>] 15ebfedea0SLionel Sambuc[B<-passout arg>] 16*0a6a1f1dSLionel Sambuc[B<-aes128>] 17*0a6a1f1dSLionel Sambuc[B<-aes192>] 18*0a6a1f1dSLionel Sambuc[B<-aes256>] 19*0a6a1f1dSLionel Sambuc[B<-camellia128>] 20*0a6a1f1dSLionel Sambuc[B<-camellia192>] 21*0a6a1f1dSLionel Sambuc[B<-camellia256>] 22ebfedea0SLionel Sambuc[B<-des>] 23ebfedea0SLionel Sambuc[B<-des3>] 24ebfedea0SLionel Sambuc[B<-idea>] 25ebfedea0SLionel Sambuc[B<-text>] 26ebfedea0SLionel Sambuc[B<-noout>] 27ebfedea0SLionel Sambuc[B<-modulus>] 28ebfedea0SLionel Sambuc[B<-pubin>] 29ebfedea0SLionel Sambuc[B<-pubout>] 30ebfedea0SLionel Sambuc[B<-engine id>] 31ebfedea0SLionel Sambuc 32ebfedea0SLionel Sambuc=head1 DESCRIPTION 33ebfedea0SLionel Sambuc 34ebfedea0SLionel SambucThe B<dsa> command processes DSA keys. They can be converted between various 35ebfedea0SLionel Sambucforms and their components printed out. B<Note> This command uses the 36ebfedea0SLionel Sambuctraditional SSLeay compatible format for private key encryption: newer 37ebfedea0SLionel Sambucapplications should use the more secure PKCS#8 format using the B<pkcs8> 38ebfedea0SLionel Sambuc 39ebfedea0SLionel Sambuc=head1 COMMAND OPTIONS 40ebfedea0SLionel Sambuc 41ebfedea0SLionel Sambuc=over 4 42ebfedea0SLionel Sambuc 43ebfedea0SLionel Sambuc=item B<-inform DER|PEM> 44ebfedea0SLionel Sambuc 45ebfedea0SLionel SambucThis specifies the input format. The B<DER> option with a private key uses 46ebfedea0SLionel Sambucan ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of 47ebfedea0SLionel Sambucversion (currently zero), p, q, g, the public and private key components 48ebfedea0SLionel Sambucrespectively as ASN.1 INTEGERs. When used with a public key it uses a 49ebfedea0SLionel SambucSubjectPublicKeyInfo structure: it is an error if the key is not DSA. 50ebfedea0SLionel Sambuc 51ebfedea0SLionel SambucThe B<PEM> form is the default format: it consists of the B<DER> format base64 52ebfedea0SLionel Sambucencoded with additional header and footer lines. In the case of a private key 53ebfedea0SLionel SambucPKCS#8 format is also accepted. 54ebfedea0SLionel Sambuc 55ebfedea0SLionel Sambuc=item B<-outform DER|PEM> 56ebfedea0SLionel Sambuc 57ebfedea0SLionel SambucThis specifies the output format, the options have the same meaning as the 58ebfedea0SLionel SambucB<-inform> option. 59ebfedea0SLionel Sambuc 60ebfedea0SLionel Sambuc=item B<-in filename> 61ebfedea0SLionel Sambuc 62ebfedea0SLionel SambucThis specifies the input filename to read a key from or standard input if this 63ebfedea0SLionel Sambucoption is not specified. If the key is encrypted a pass phrase will be 64ebfedea0SLionel Sambucprompted for. 65ebfedea0SLionel Sambuc 66ebfedea0SLionel Sambuc=item B<-passin arg> 67ebfedea0SLionel Sambuc 68ebfedea0SLionel Sambucthe input file password source. For more information about the format of B<arg> 69ebfedea0SLionel Sambucsee the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 70ebfedea0SLionel Sambuc 71ebfedea0SLionel Sambuc=item B<-out filename> 72ebfedea0SLionel Sambuc 73ebfedea0SLionel SambucThis specifies the output filename to write a key to or standard output by 74ebfedea0SLionel Sambucis not specified. If any encryption options are set then a pass phrase will be 75ebfedea0SLionel Sambucprompted for. The output filename should B<not> be the same as the input 76ebfedea0SLionel Sambucfilename. 77ebfedea0SLionel Sambuc 78ebfedea0SLionel Sambuc=item B<-passout arg> 79ebfedea0SLionel Sambuc 80ebfedea0SLionel Sambucthe output file password source. For more information about the format of B<arg> 81ebfedea0SLionel Sambucsee the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 82ebfedea0SLionel Sambuc 83*0a6a1f1dSLionel Sambuc=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> 84ebfedea0SLionel Sambuc 85*0a6a1f1dSLionel SambucThese options encrypt the private key with the specified 86*0a6a1f1dSLionel Sambuccipher before outputting it. A pass phrase is prompted for. 87ebfedea0SLionel SambucIf none of these options is specified the key is written in plain text. This 88ebfedea0SLionel Sambucmeans that using the B<dsa> utility to read in an encrypted key with no 89ebfedea0SLionel Sambucencryption option can be used to remove the pass phrase from a key, or by 90ebfedea0SLionel Sambucsetting the encryption options it can be use to add or change the pass phrase. 91ebfedea0SLionel SambucThese options can only be used with PEM format output files. 92ebfedea0SLionel Sambuc 93ebfedea0SLionel Sambuc=item B<-text> 94ebfedea0SLionel Sambuc 95ebfedea0SLionel Sambucprints out the public, private key components and parameters. 96ebfedea0SLionel Sambuc 97ebfedea0SLionel Sambuc=item B<-noout> 98ebfedea0SLionel Sambuc 99ebfedea0SLionel Sambucthis option prevents output of the encoded version of the key. 100ebfedea0SLionel Sambuc 101ebfedea0SLionel Sambuc=item B<-modulus> 102ebfedea0SLionel Sambuc 103ebfedea0SLionel Sambucthis option prints out the value of the public key component of the key. 104ebfedea0SLionel Sambuc 105ebfedea0SLionel Sambuc=item B<-pubin> 106ebfedea0SLionel Sambuc 107ebfedea0SLionel Sambucby default a private key is read from the input file: with this option a 108ebfedea0SLionel Sambucpublic key is read instead. 109ebfedea0SLionel Sambuc 110ebfedea0SLionel Sambuc=item B<-pubout> 111ebfedea0SLionel Sambuc 112ebfedea0SLionel Sambucby default a private key is output. With this option a public 113ebfedea0SLionel Sambuckey will be output instead. This option is automatically set if the input is 114ebfedea0SLionel Sambuca public key. 115ebfedea0SLionel Sambuc 116ebfedea0SLionel Sambuc=item B<-engine id> 117ebfedea0SLionel Sambuc 118ebfedea0SLionel Sambucspecifying an engine (by its unique B<id> string) will cause B<dsa> 119ebfedea0SLionel Sambucto attempt to obtain a functional reference to the specified engine, 120ebfedea0SLionel Sambucthus initialising it if needed. The engine will then be set as the default 121ebfedea0SLionel Sambucfor all available algorithms. 122ebfedea0SLionel Sambuc 123ebfedea0SLionel Sambuc=back 124ebfedea0SLionel Sambuc 125ebfedea0SLionel Sambuc=head1 NOTES 126ebfedea0SLionel Sambuc 127ebfedea0SLionel SambucThe PEM private key format uses the header and footer lines: 128ebfedea0SLionel Sambuc 129ebfedea0SLionel Sambuc -----BEGIN DSA PRIVATE KEY----- 130ebfedea0SLionel Sambuc -----END DSA PRIVATE KEY----- 131ebfedea0SLionel Sambuc 132ebfedea0SLionel SambucThe PEM public key format uses the header and footer lines: 133ebfedea0SLionel Sambuc 134ebfedea0SLionel Sambuc -----BEGIN PUBLIC KEY----- 135ebfedea0SLionel Sambuc -----END PUBLIC KEY----- 136ebfedea0SLionel Sambuc 137ebfedea0SLionel Sambuc=head1 EXAMPLES 138ebfedea0SLionel Sambuc 139ebfedea0SLionel SambucTo remove the pass phrase on a DSA private key: 140ebfedea0SLionel Sambuc 141ebfedea0SLionel Sambuc openssl dsa -in key.pem -out keyout.pem 142ebfedea0SLionel Sambuc 143ebfedea0SLionel SambucTo encrypt a private key using triple DES: 144ebfedea0SLionel Sambuc 145ebfedea0SLionel Sambuc openssl dsa -in key.pem -des3 -out keyout.pem 146ebfedea0SLionel Sambuc 147ebfedea0SLionel SambucTo convert a private key from PEM to DER format: 148ebfedea0SLionel Sambuc 149ebfedea0SLionel Sambuc openssl dsa -in key.pem -outform DER -out keyout.der 150ebfedea0SLionel Sambuc 151ebfedea0SLionel SambucTo print out the components of a private key to standard output: 152ebfedea0SLionel Sambuc 153ebfedea0SLionel Sambuc openssl dsa -in key.pem -text -noout 154ebfedea0SLionel Sambuc 155ebfedea0SLionel SambucTo just output the public part of a private key: 156ebfedea0SLionel Sambuc 157ebfedea0SLionel Sambuc openssl dsa -in key.pem -pubout -out pubkey.pem 158ebfedea0SLionel Sambuc 159ebfedea0SLionel Sambuc=head1 SEE ALSO 160ebfedea0SLionel Sambuc 161ebfedea0SLionel SambucL<dsaparam(1)|dsaparam(1)>, L<gendsa(1)|gendsa(1)>, L<rsa(1)|rsa(1)>, 162ebfedea0SLionel SambucL<genrsa(1)|genrsa(1)> 163ebfedea0SLionel Sambuc 164ebfedea0SLionel Sambuc=cut 165