diff --git a/apps/ec.c b/apps/ec.c
index 8800cdf58d..a0a96b7ab4 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -83,7 +83,8 @@ typedef enum OPTION_choice {
 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
- OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER
+ OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
+ OPT_NO_PUBLIC
 } OPTION_CHOICE;
 OPTIONS ec_options[] = {
@@ -97,6 +98,7 @@ OPTIONS ec_options[] = {
 {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
 {"pubin", OPT_PUBIN, '-'},
 {"pubout", OPT_PUBOUT, '-'},
+ {"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
 {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
 {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
 {"param_enc", OPT_PARAM_ENC, 's',
@@ -122,6 +124,7 @@ int ec_main(int argc, char **argv)
 int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
 int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
 int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
+ int no_public = 0;
 prog = opt_init(argc, argv, ec_options);
 while ((o = opt_next()) != OPT_EOF) {
@@ -189,6 +192,9 @@ int ec_main(int argc, char **argv)
 new_asn1_flag = 1;
 asn1_flag = i;
 break;
+ case OPT_NO_PUBLIC:
+ no_public = 1;
+ break;
 }
 }
 argc = opt_num_rest();
@@ -236,6 +242,9 @@ int ec_main(int argc, char **argv)
 if (new_asn1_flag)
 EC_KEY_set_asn1_flag(eckey, asn1_flag);
+ if (no_public)
+ EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
+
 if (text) {
 assert(pubin || private);
 if (!EC_KEY_print(out, eckey, 0)) {
diff --git a/doc/apps/ec.pod b/doc/apps/ec.pod
index 379d0a8264..0c42d46cf5 100644
--- a/doc/apps/ec.pod
+++ b/doc/apps/ec.pod
@@ -23,6 +23,7 @@ B B
 [B<-pubout>]
 [B<-conv_form arg>]
 [B<-param_enc arg>]
+[B<-no_public>]
 [B<-engine id>]
 =head1 DESCRIPTION
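Review bot: The help string added to `ec_options` in the `@@ -97,6 +98,7 @@` hunk starts in lower case while the neighbouring entries ("Print the elliptic curve parameters", "Input file pass phrase source") are capitalised, and it does not say that only the written private key is affected. Suggest `{"no_public", OPT_NO_PUBLIC, '-', "Exclude public key from private key output"},` so the usage text reads consistently and matches the wording in doc/apps/ec.pod. The table continues outside the hunk.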
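Review bot: In the `@@ -236,6 +242,9 @@` hunk of apps/ec.c, `EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY)` overwrites the key's whole encoding-flag value instead of adding one bit, so any encoding flag already present on the loaded key is cleared. Prefer `EC_KEY_set_enc_flags(eckey, EC_KEY_get_enc_flags(eckey) | EC_PKEY_NO_PUBKEY);`. The call is also made regardless of `pubin`/`pubout`, where there is no private-key encoding for it to affect; the output code is outside the hunk, so this is inferred, but rejecting or warning on that combination would avoid a silently ignored option. A short comment such as `/* affects only the ECPrivateKey encoding written below */` would document the intent. ec_main starts and ends outside the hunk.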
@@ -128,6 +129,10 @@ EC parameters structures). The default value is B. B the B alternative ,as specified in RFC 3279, is currently not implemented in OpenSSL.
+=item B<-no_public>
+
+This option omits the public key components from the private key output.
+
 =item B<-engine id>
 specifying an engine (by its unique B string) will cause B