Unix-commands-ec
提供:Dev Guides
-Unix、Linuxコマンド
link:/unix_commands/index [previous] link:/unix_commands/index [next] [[1]] php [AddThis Social Bookmark Button]
NAME
概要
*opensslec-inform PEM | DER-outform PEM | DER-in filename-passin arg-out filename-passout arg-des-des3-idea-text-noout-param_out-pubin-pubout-conv_form arg-param_enc arg-engine id*説明
- ec EC Note * SEChttp://www.secg.orgEC*pkcs8*
コマンドオプション
| Tag | Description |
|---|---|
| *-inform DER | PEM * |
| This specifies the input format. The* DER option with a private key uses an ASN.1 DER encoded SEC1 private key. When used with a public key it uses the SubjectPublicKeyInfo structur as specified in RFC 3280. The PEM form is the default format: it consists of the DER* format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted. | *-outform DER |
| PEM * | This specifies the output format, the options have the same meaning as the* -inform* option. |
| -in filename | This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for. |
| *-passin arg * | the input file password source. For more information about the format of* arg see the PASS PHRASE ARGUMENTS* section in openssl(1). |
| *-out filename * | This specifies the output filename to write a key to or standard output by is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should* not* be the same as the input filename. |
| *-passout arg * | the output file password source. For more information about the format of* arg see the PASS PHRASE ARGUMENTS* section in openssl(1). |
| *-des | -des3 |
| -idea * | These options encrypt the private key with the DES, triple DES, IDEA or any other cipher supported by OpenSSL before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the* ec* utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with PEM format output files. |
| -text | prints out the public, private key components and parameters. |
| -noout | this option prevents output of the encoded version of the key. |
| -modulus | this option prints out the value of the public key component of the key. |
| -pubin | by default a private key is read from the input file: with this option a public key is read instead. |
| -pubout | by default a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key. |
| *-conv_form * | This specifies how the points on the elliptic curve are converted into octet strings. Possible values are:* compressed (the default value), uncompressed and hybrid*. For more information regarding the point conversion forms please read the X9.62 standard. Note *Due to patent issues the compressed option is disabled by default for binary curves and can be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP* at compile time. |
| *-param_enc arg * | This specifies how the elliptic curve parameters are encoded. Possible value are:* named_curve*, i.e. the ec parameters are specified by a OID, or explicit *where the ec parameters are explicitly given (see RFC 3279 for the definition of the EC parameters structures). The default value is named_curve*. Note *the implicitlyCA* alternative ,as specified in RFC 3279, is currently not implemented in OpenSSL. |
| *-engine id * | specifying an engine (by it’s unique* id string) will cause req* to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. |
ノート
PEM
++
| -----BEGIN EC PRIVATE KEY----- -----END EC PRIVATE KEY----- |
PEM公開キー形式では、ヘッダー行とフッター行が使用されます。
++
| -----BEGIN PUBLIC KEY----- -----END PUBLIC KEY----- |
例
トリプルDESを使用して秘密鍵を暗号化するには:
++
| openssl ec -in key.pem -des3 -out keyout.pem |
秘密鍵をPEMからDER形式に変換するには:
++
| openssl ec -in key.pem -outform DER -out keyout.der |
秘密鍵のコンポーネントを標準出力に出力するには:
++
| openssl ec -in key.pem -text -noout |
秘密鍵の公開部分のみを出力するには:
++
| openssl ec -in key.pem -pubout -out pubkey.pem |
パラメーターのエンコードを*明示*に変更するには:
++
| openssl ec -in key.pem -param_enc explicit -out keyout.pem |
ポイント変換フォームを compressed に変更するには:
++
| openssl ec -in key.pem -conv_form compressed -out keyout.pem |
関連項目
ecparam(1)、_ dsa_(1)、_ rsa_(1)
歴史
ecコマンドは、OpenSSL 0.9.8で初めて導入されました。
著者
OpenSSLプロジェクトのNils Larsch(http://www.openssl.org)。 リンク:/unix_commands/index [previous]リンク:/unix_commands/index [next]リンク:/cgi-bin/printversion.cgi?tutorial = unix_commands&file = [Printer Friendly]
| Advertisements |
