NAME

ec - EC key processing

SYNOPSIS

gmssl ec [-help] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-des] [-des3] [-sms4] [-text] [-noout] [-param_out] [-pubin] [-pubout] [-conv_form arg] [-param_enc arg] [-no_public] [-check] [-engine id]

DESCRIPTION

The ec command processes EC keys. They can be converted between various forms and their components printed out. Note GmSSL uses the private key format specified in 'SEC 1: Elliptic Curve Cryptography' (http://www.secg.org/). To convert an GmSSL EC private key into the PKCS#8 private key format use the pkcs8 command.

ec命令处理EC密钥。 它们可以在各种形式之间进行转换,并将其组件打印出来。 注意GmSSL使用“SEC 1:椭圆曲线加密”(http://www.secg.org/)中指定的私钥格式。 要将GmSSL EC私钥转换为PKCS#8私钥格式,请使用pkcs8命令。

OPTIONS

-help

Print out a usage message.

输出使用信息。

-inform DER|PEM

This specifies the input format. The DER option with a private key uses an ASN.1 DER encoded SEC1 private key. When used with a public key it uses the SubjectPublicKeyInfo structure as specified in RFC 3280. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted.

该指令指出了输入文件格式。DER选项是一个私钥,它用ASN.1 DER编码的SEC1私钥文件。当为公钥时,用RFC3280指定的SubjectPublicKeyInfo结构。默认的是PEM格式,它也接受PKCS#8格式的私钥。

-outform DER|PEM

This specifies the output format, the options have the same meaning as the -inform option.

该指令指出了输出格式。与-inform指令意义相同。

-in filename

This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.

如果未指定此选项,则指定从或从标准输入读取密钥的输入文件名。 如果密钥加密,将提示输入密码。

-passin arg

the input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in gmssl(1).

指定私钥包含口令存放方式。

-out filename

This specifies the output filename to write a key to or standard output by is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.

这指定了未指定要写入或输出的标准输出的输出文件名。 如果设置了任何加密选项,则会提示输入密码。 输出文件名不能与输入文件名相同。

-passout arg

the output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in gmssl(1).

输出文件口令保护存放方式。

-des|-des3|-sms4

These options encrypt the private key with the DES, triple DES, SMS4 or any other cipher supported by GmSSL before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the ec utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with PEM format output files.

这些选项在输出之前,使用DES,三重DES,SMS4或GmSSL支持的任何其他密码加密私钥。 提示通行短语。 如果没有指定这些选项,则键将以纯文本形式写入。 这意味着使用ec实用程序读取加密密钥,无加密选项可用于从密钥中删除密码短语,或通过设置可用于添加或更改密码短语的加密选项。 这些选项只能用于PEM格式的输出文件。

-text

prints out the public, private key components and parameters.

输出公钥和私钥的组成参数。

-noout

this option prevents output of the encoded version of the key.

不输出密钥信息。

-modulus

this option prints out the value of the public key component of the key.

该选项输出公钥组件值。

-pubin

by default a private key is read from the input file: with this option a public key is read instead.

默认读取为私钥,输入该指令后,从输入文件中读取公钥。

-pubout

by default a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key.

输入该指令后,公钥值到输出文件中。默认保存私钥到输出文件。如果输入是公钥该选项将自动设置。

-conv_form

This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: compressed (the default value), uncompressed and hybrid. For more information regarding the point conversion forms please read the X9.62 standard. Note Due to patent issues the compressed option is disabled by default for binary curves and can be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at compile time.

这指定椭圆曲线上的点如何转换为八位字节串。 可能的值有:压缩(默认值),未压缩和混合。 有关点转换表单的更多信息,请阅读X9.62标准。 注意由于专利问题,压缩选项默认情况下禁用二进制曲线,并且可以通过在编译时定义预处理器宏OPENSSL_EC_BIN_PT_COMP来启用。

-param_enc arg

This specifies how the elliptic curve parameters are encoded. Possible value are: named_curve, i.e. the ec parameters are specified by an OID, or explicit where the ec parameters are explicitly given (see RFC 3279 for the definition of the EC parameters structures). The default value is named_curve. Note the implicitlyCA alternative, as specified in RFC 3279, is currently not implemented in GmSSL.

这指定椭圆曲线参数的编码方式。 可能的值为:named_curve,即ec参数由OID指定,或显式指定ec参数(参见RFC 3279以了解EC参数结构的定义)。 默认值为named_curve。 注意,如RFC 3279所述,implicitlyCA替代方案目前尚未在GmSSL中实现

-no_public

This option omits the public key components from the private key output.

该指令省略了私钥输出中的公钥组件。

-check

this option checks the consistency of an EC private or public key.

该指令检查了EC私钥或公钥的一致性。

-engine id

specifying an engine (by its unique id string) will cause ec to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

指定引擎。

NOTES

The PEM private key format uses the header and footer lines:

-----BEGIN EC PRIVATE KEY-----
-----END EC PRIVATE KEY-----

The PEM public key format uses the header and footer lines:

-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----

EXAMPLES

To encrypt a private key using triple DES:

gmssl ec -in key.pem -des3 -out keyout.pem

To convert a private key from PEM to DER format:

gmssl ec -in key.pem -outform DER -out keyout.der

To print out the components of a private key to standard output:

gmssl ec -in key.pem -text -noout

To just output the public part of a private key:

gmssl ec -in key.pem -pubout -out pubkey.pem

To change the parameters encoding to explicit:

gmssl ec -in key.pem -param_enc explicit -out keyout.pem

To change the point conversion form to compressed:

gmssl ec -in key.pem -conv_form compressed -out keyout.pem

SEE ALSO

ecparam(1), dsa(1), rsa(1)

COPYRIGHT

Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the GmSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.