dsaparam(1ssl) — Commands
NAME
dsaparam − DSA parameter manipulation and generation
SYNOPSIS
openssl dsaparam [−inform DER | PEM] [−outform DER | PEM] [−in filename] [−out filename] [−noout] [−text] [−C] [−rand filename] [−genkey] [numbits]
OPTIONS
−inform DER|PEM
Specifies the input format. The DER option uses an ASN1 DER encoded form compatible with RFC2459 (PKIX) DSS-Parms that is a SEQUENCE consisting of p, q and g respectively. The PEM form is the default format. It consists of the DER format base64 encoded with additional header and footer lines.
−outform DER|PEM
Specifies the output format, the options have the same meaning as the −inform option.
−in filename
Specifies the input filename to read parameters from or standard input if this option is not specified. If the numbits parameter is included then this option will be ignored.
−out filename
Specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should not be the same as the input filename.
−nooutInhibits the output of the encoded version of the parameters.
−textPrints out the DSA parameters in human readable form.
−CConverts the parameters into C code. The parameters can then be loaded by calling the get_dsaXXX() function.
−genkey
Generates a DSA either using the specified or generated parameters.
−rand file(s)
A file or files containing random data used to seed the random number generator, or an EGD socket. (See RAND_egd(3).) Multiple files can be specified separated by an OS-dependent character. The separator is a semicolon (;) for MS-Windows, a comma (,) for OpenVMS, and a colon (:) for all others.
numbits
Specifies that a parameter set should be generated of size numbits. It must be the last option. If this option is included then the input file (if any) is ignored.
DESCRIPTION
This command is used to manipulate or generate DSA parameter files.
NOTES
PEM format DSA parameters use the following header and footer lines:
-----BEGIN DSA PARAMETERS-----
-----END DSA PARAMETERS-----
DSA parameter generation is a slow process, and as a result the same set of DSA parameters is often used to generate several distinct keys.
SEE ALSO
Commands: gendsa(1ssl), dsa(1ssl), genrsa(1ssl), rsa(1ssl)