mirror of
https://github.com/openssl/openssl.git
synced 2024-12-04 23:43:55 +08:00
Update the genpkey documentation
Fixes #5739 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5800)
This commit is contained in:
parent
d54897cf54
commit
77579510aa
@ -63,13 +63,27 @@ options.
|
|||||||
|
|
||||||
Public key algorithm to use such as RSA, DSA or DH. If used this option must
|
Public key algorithm to use such as RSA, DSA or DH. If used this option must
|
||||||
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
|
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
|
||||||
are mutually exclusive.
|
are mutually exclusive. Engines may add algorithms in addition to the standard
|
||||||
|
built-in ones.
|
||||||
|
|
||||||
|
Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC,
|
||||||
|
X25519, X448, ED25519 and ED448.
|
||||||
|
|
||||||
|
Valid built-in algorithm names for parameter generation (see the B<-genparam>
|
||||||
|
option) are DH, DSA and EC.
|
||||||
|
|
||||||
|
Note that the algorithm name X9.42 DH may be used as a synonym for the DH
|
||||||
|
algorithm. These are identical and do not indicate the type of parameters that
|
||||||
|
will be generated. Use the B<dh_paramgen_type> option to indicate whether PKCS#3
|
||||||
|
or X9.42 DH parameters are required. See L<DH Parameter Generation Options>
|
||||||
|
below for more details.
|
||||||
|
|
||||||
=item B<-pkeyopt opt:value>
|
=item B<-pkeyopt opt:value>
|
||||||
|
|
||||||
Set the public key algorithm option B<opt> to B<value>. The precise set of
|
Set the public key algorithm option B<opt> to B<value>. The precise set of
|
||||||
options supported depends on the public key algorithm used and its
|
options supported depends on the public key algorithm used and its
|
||||||
implementation. See B<KEY GENERATION OPTIONS> below for more details.
|
implementation. See L<KEY GENERATION OPTIONS> and
|
||||||
|
L<PARAMETER GENERATION OPTIONS> below for more details.
|
||||||
|
|
||||||
=item B<-genparam>
|
=item B<-genparam>
|
||||||
|
|
||||||
@ -95,9 +109,10 @@ parameters along with the PEM or DER structure.
|
|||||||
|
|
||||||
The options supported by each algorithm and indeed each implementation of an
|
The options supported by each algorithm and indeed each implementation of an
|
||||||
algorithm can vary. The options for the OpenSSL implementations are detailed
|
algorithm can vary. The options for the OpenSSL implementations are detailed
|
||||||
below.
|
below. There are no key generation options defined for the X25519, X448, ED25519
|
||||||
|
or ED448 algorithms.
|
||||||
|
|
||||||
=head1 RSA KEY GENERATION OPTIONS
|
=head2 RSA Key Generation Options
|
||||||
|
|
||||||
=over 4
|
=over 4
|
||||||
|
|
||||||
@ -116,32 +131,13 @@ hexadecimal value if preceded by B<0x>. Default value is 65537.
|
|||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
=head1 RSA-PSS KEY GENERATION OPTIONS
|
=head2 RSA-PSS Key Generation Options
|
||||||
|
|
||||||
Note: by default an B<RSA-PSS> key has no parameter restrictions.
|
Note: by default an B<RSA-PSS> key has no parameter restrictions.
|
||||||
|
|
||||||
=over 4
|
=over 4
|
||||||
|
|
||||||
=item B<rsa_keygen_bits:numbits>, B<rsa_keygen_pubexp:value>
|
=item B<rsa_keygen_bits:numbits>, B<rsa_keygen_primes:numprimes>, B<rsa_keygen_pubexp:value>
|
||||||
|
|
||||||
These options have the same meaning as the B<RSA> algorithm.
|
|
||||||
|
|
||||||
=item B<rsa_pss_keygen_md:digest>
|
|
||||||
|
|
||||||
=item B<rsa_keygen_pubexp:value>
|
|
||||||
|
|
||||||
The RSA public exponent value. This can be a large decimal or
|
|
||||||
hexadecimal value if preceded by B<0x>. Default value is 65537.
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 RSA-PSS KEY GENERATION OPTIONS
|
|
||||||
|
|
||||||
Note: by default an B<RSA-PSS> key has no parameter restrictions.
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item B<rsa_keygen_bits:numbits>, B<rsa_keygen_pubexp:value>
|
|
||||||
|
|
||||||
These options have the same meaning as the B<RSA> algorithm.
|
These options have the same meaning as the B<RSA> algorithm.
|
||||||
|
|
||||||
@ -160,44 +156,9 @@ If set the key is restricted and B<len> specifies the minimum salt length.
|
|||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
=head1 DSA PARAMETER GENERATION OPTIONS
|
=head2 EC Key Generation Options
|
||||||
|
|
||||||
=over 4
|
The EC key generation options can also be used for parameter generation.
|
||||||
|
|
||||||
=item B<dsa_paramgen_bits:numbits>
|
|
||||||
|
|
||||||
The number of bits in the generated parameters. If not specified 1024 is used.
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 DH PARAMETER GENERATION OPTIONS
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item B<dh_paramgen_prime_len:numbits>
|
|
||||||
|
|
||||||
The number of bits in the prime parameter B<p>.
|
|
||||||
|
|
||||||
=item B<dh_paramgen_generator:value>
|
|
||||||
|
|
||||||
The value to use for the generator B<g>.
|
|
||||||
|
|
||||||
=item B<dh_rfc5114:num>
|
|
||||||
|
|
||||||
If this option is set then the appropriate RFC5114 parameters are used
|
|
||||||
instead of generating new parameters. The value B<num> can take the
|
|
||||||
values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
|
|
||||||
1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
|
|
||||||
and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
|
|
||||||
2.1, 2.2 and 2.3 respectively.
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 EC PARAMETER GENERATION OPTIONS
|
|
||||||
|
|
||||||
The EC parameter generation options below can also
|
|
||||||
be supplied as EC key generation options. This can (for example) generate a
|
|
||||||
key from a named curve without the need to use an explicit parameter file.
|
|
||||||
|
|
||||||
=over 4
|
=over 4
|
||||||
|
|
||||||
@ -208,44 +169,80 @@ The EC curve to use. OpenSSL supports NIST curve names such as "P-256".
|
|||||||
=item B<ec_param_enc:encoding>
|
=item B<ec_param_enc:encoding>
|
||||||
|
|
||||||
The encoding to use for parameters. The "encoding" parameter must be either
|
The encoding to use for parameters. The "encoding" parameter must be either
|
||||||
"named_curve" or "explicit".
|
"named_curve" or "explicit". The default value is "named_curve".
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
=head1 GOST2001 KEY GENERATION AND PARAMETER OPTIONS
|
=head1 PARAMETER GENERATION OPTIONS
|
||||||
|
|
||||||
Gost 2001 support is not enabled by default. To enable this algorithm,
|
The options supported by each algorithm and indeed each implementation of an
|
||||||
one should load the ccgost engine in the OpenSSL configuration file.
|
algorithm can vary. The options for the OpenSSL implementations are detailed
|
||||||
See README.gost file in the engines/ccgost directory of the source
|
below.
|
||||||
distribution for more details.
|
|
||||||
|
|
||||||
Use of a parameter file for the GOST R 34.10 algorithm is optional.
|
=head2 DSA Parameter Generation Options
|
||||||
Parameters can be specified during key generation directly as well as
|
|
||||||
during generation of parameter file.
|
|
||||||
|
|
||||||
=over 4
|
=over 4
|
||||||
|
|
||||||
=item B<paramset:name>
|
=item B<dsa_paramgen_bits:numbits>
|
||||||
|
|
||||||
Specifies GOST R 34.10-2001 parameter set according to RFC 4357.
|
The number of bits in the generated prime. If not specified 1024 is used.
|
||||||
Parameter set can be specified using abbreviated name, object short name or
|
|
||||||
numeric OID. Following parameter sets are supported:
|
|
||||||
|
|
||||||
paramset OID Usage
|
=item B<dsa_paramgen_q_bits:numbits>
|
||||||
A 1.2.643.2.2.35.1 Signature
|
|
||||||
B 1.2.643.2.2.35.2 Signature
|
The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
|
||||||
C 1.2.643.2.2.35.3 Signature
|
specified 160 is used.
|
||||||
XA 1.2.643.2.2.36.0 Key exchange
|
|
||||||
XB 1.2.643.2.2.36.1 Key exchange
|
=item B<dsa_paramgen_md:digest>
|
||||||
test 1.2.643.2.2.35.0 Test purposes
|
|
||||||
|
The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
|
||||||
|
or B<sha256>. If set, then the number of bits in B<q> will match the output size
|
||||||
|
of the specified digest and the B<dsa_paramgen_q_bits> parameter will be
|
||||||
|
ignored. If not set, then a digest will be used that gives an output matching
|
||||||
|
the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it 224
|
||||||
|
or B<sha256> if it is 256.
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
=head1 X25519 and X448 KEY GENERATION OPTIONS
|
=head2 DH Parameter Generation Options
|
||||||
|
|
||||||
The X25519 and X448 algorithms do not currently support any key generation
|
=over 4
|
||||||
|
|
||||||
|
=item B<dh_paramgen_prime_len:numbits>
|
||||||
|
|
||||||
|
The number of bits in the prime parameter B<p>. The default is 1024.
|
||||||
|
|
||||||
|
=item B<dh_paramgen_subprime_len:numbits>
|
||||||
|
|
||||||
|
The number of bits in the sub prime parameter B<q>. The default is 256 if the
|
||||||
|
prime is at least 2048 bits long or 160 otherwise. Only relevant if used in
|
||||||
|
conjunction with the B<dh_paramgen_type> option to generate X9.42 DH parameters.
|
||||||
|
|
||||||
|
=item B<dh_paramgen_generator:value>
|
||||||
|
|
||||||
|
The value to use for the generator B<g>. The default is 2.
|
||||||
|
|
||||||
|
=item B<dh_paramgen_type:value>
|
||||||
|
|
||||||
|
The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH.
|
||||||
|
The default is 0.
|
||||||
|
|
||||||
|
=item B<dh_rfc5114:num>
|
||||||
|
|
||||||
|
If this option is set, then the appropriate RFC5114 parameters are used
|
||||||
|
instead of generating new parameters. The value B<num> can take the
|
||||||
|
values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
|
||||||
|
1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
|
||||||
|
and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
|
||||||
|
2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter
|
||||||
options.
|
options.
|
||||||
|
|
||||||
|
=back
|
||||||
|
|
||||||
|
=head2 EC Parameter Generation Options
|
||||||
|
|
||||||
|
The EC parameter generation options are the same as for key generation. See
|
||||||
|
L<EC Key Generation Options> above.
|
||||||
|
|
||||||
=head1 NOTES
|
=head1 NOTES
|
||||||
|
|
||||||
The use of the genpkey program is encouraged over the algorithm specific
|
The use of the genpkey program is encouraged over the algorithm specific
|
||||||
@ -267,19 +264,25 @@ Generate a 2048 bit RSA key using 3 as the public exponent:
|
|||||||
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
|
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
|
||||||
-pkeyopt rsa_keygen_pubexp:3
|
-pkeyopt rsa_keygen_pubexp:3
|
||||||
|
|
||||||
Generate 1024 bit DSA parameters:
|
Generate 2048 bit DSA parameters:
|
||||||
|
|
||||||
openssl genpkey -genparam -algorithm DSA -out dsap.pem \
|
openssl genpkey -genparam -algorithm DSA -out dsap.pem \
|
||||||
-pkeyopt dsa_paramgen_bits:1024
|
-pkeyopt dsa_paramgen_bits:2048
|
||||||
|
|
||||||
Generate DSA key from parameters:
|
Generate DSA key from parameters:
|
||||||
|
|
||||||
openssl genpkey -paramfile dsap.pem -out dsakey.pem
|
openssl genpkey -paramfile dsap.pem -out dsakey.pem
|
||||||
|
|
||||||
Generate 1024 bit DH parameters:
|
Generate 2048 bit DH parameters:
|
||||||
|
|
||||||
openssl genpkey -genparam -algorithm DH -out dhp.pem \
|
openssl genpkey -genparam -algorithm DH -out dhp.pem \
|
||||||
-pkeyopt dh_paramgen_prime_len:1024
|
-pkeyopt dh_paramgen_prime_len:2048
|
||||||
|
|
||||||
|
Generate 2048 bit X9.42 DH parameters:
|
||||||
|
|
||||||
|
openssl genpkey -genparam -algorithm DH -out dhpx.pem \
|
||||||
|
-pkeyopt dh_paramgen_prime_len:2048 \
|
||||||
|
-pkeyopt dh_paramgen_type:1
|
||||||
|
|
||||||
Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
|
Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
|
||||||
|
|
||||||
@ -309,10 +312,16 @@ Generate an X25519 private key:
|
|||||||
|
|
||||||
openssl genpkey -algorithm X25519 -out xkey.pem
|
openssl genpkey -algorithm X25519 -out xkey.pem
|
||||||
|
|
||||||
|
Generate an ED448 private key:
|
||||||
|
|
||||||
|
openssl genpkey -algorithm ED448 -out xkey.pem
|
||||||
|
|
||||||
=head1 HISTORY
|
=head1 HISTORY
|
||||||
|
|
||||||
The ability to use NIST curve names, and to generate an EC key directly,
|
The ability to use NIST curve names, and to generate an EC key directly,
|
||||||
were added in OpenSSL 1.0.2.
|
were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in
|
||||||
|
OpenSSL 1.1.0. The ability to generate X448, ED25519 and ED448 keys was added in
|
||||||
|
OpenSSL 1.1.1.
|
||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user