openssl-dsaparam - DSA parameter manipulation and generation
openssl dsaparam [-help] [-inform
DER|PEM] [-outform DER|PEM] [-in
filename] [-out filename] [-noout]
[-text] [-genkey] [-verbose] [-quiet]
[-rand files] [-writerand file] [-engine
id] [-provider name] [-provider-path
path] [-provparam [name:]key=value] [-propquery
propq] [numbits] [numqbits]
This command is used to manipulate or generate DSA parameter
files.
DSA parameter generation can be a slow process and as a result the
same set of DSA parameters is often used to generate several distinct
keys.
- -help
- Print out a usage message.
- -inform
DER|PEM
- The DSA parameters input format; unspecified by default. See
openssl-format-options(1) for details.
- -outform
DER|PEM
- The DSA parameters output format; the default is PEM. See
openssl-format-options(1) for details.
Parameters are a sequence of ASN.1 INTEGERs: p,
q, and g. This is compatible with RFC 2459
DSS-Parms structure.
- -in
filename
- This specifies the input file to read parameters from or standard input if
this option is not specified. If the numbits parameter is included
then this option will be ignored.
- -out
filename
- This specifies the output file to write parameters to. Standard output is
used if this option is not present. The output filename can be the same as
the input filename, which leads to replacing the file contents. Note that
file I/O is not atomic. The output file is truncated and then
written.
- -noout
- This option inhibits the output of the encoded version of the
parameters.
- -text
- This option prints out the DSA parameters in human readable form.
- -genkey
- This option will generate a DSA either using the specified or generated
parameters.
- -verbose
- Print extra details about the operations being performed.
- -quiet
- Print fewer details about the operations being performed, which may be
handy during batch scripts and pipelines.
- -rand files,
-writerand file
- See "Random State Options" in openssl(1) for
details.
- -engine
id
- See "Engine Options" in openssl(1). This option is
deprecated.
- numbits
- This optional argument specifies that a parameter set should be generated
of size numbits. If this argument is included then the input file
(if any) is ignored.
- numqbits
- This optional argument specifies that a parameter set should be generated
with a subprime parameter q of size numqbits. It must be the last
argument. If this argument is included then the input file (if any) is
ignored.
- -provider
name
- -provider-path
path
- -provparam
[name:]key=value
- -propquery
propq
- See "Provider Options" in openssl(1), provider(7),
and property(7).
openssl(1), openssl-pkeyparam(1),
openssl-gendsa(1), openssl-dsa(1), openssl-genrsa(1),
openssl-rsa(1)
The -engine option was deprecated in OpenSSL 3.0.
The -C option was removed in OpenSSL 3.0.
Copyright 2000-2023 The OpenSSL Project Authors. All Rights
Reserved.
Licensed under the Apache License 2.0 (the "License").
You may not use this file except in compliance with the License. You can
obtain a copy in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.