1=pod
2
3=head1 NAME
4
5openssl-dsa,
6dsa - DSA key processing
7
8=head1 SYNOPSIS
9
10B<openssl> B<dsa>
11[B<-help>]
12[B<-inform PEM|DER>]
13[B<-outform PEM|DER>]
14[B<-in filename>]
15[B<-passin arg>]
16[B<-out filename>]
17[B<-passout arg>]
18[B<-aes128>]
19[B<-aes192>]
20[B<-aes256>]
21[B<-aria128>]
22[B<-aria192>]
23[B<-aria256>]
24[B<-camellia128>]
25[B<-camellia192>]
26[B<-camellia256>]
27[B<-des>]
28[B<-des3>]
29[B<-idea>]
30[B<-text>]
31[B<-noout>]
32[B<-modulus>]
33[B<-pubin>]
34[B<-pubout>]
35[B<-engine id>]
36
37=head1 DESCRIPTION
38
39The B<dsa> command processes DSA keys. They can be converted between various
40forms and their components printed out. B<Note> This command uses the
41traditional SSLeay compatible format for private key encryption: newer
42applications should use the more secure PKCS#8 format using the B<pkcs8>
43
44=head1 OPTIONS
45
46=over 4
47
48=item B<-help>
49
50Print out a usage message.
51
52=item B<-inform DER|PEM>
53
54This specifies the input format. The B<DER> option with a private key uses
55an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
56version (currently zero), p, q, g, the public and private key components
57respectively as ASN.1 INTEGERs. When used with a public key it uses a
58SubjectPublicKeyInfo structure: it is an error if the key is not DSA.
59
60The B<PEM> form is the default format: it consists of the B<DER> format base64
61encoded with additional header and footer lines. In the case of a private key
62PKCS#8 format is also accepted.
63
64=item B<-outform DER|PEM>
65
66This specifies the output format, the options have the same meaning and default
67as the B<-inform> option.
68
69=item B<-in filename>
70
71This specifies the input filename to read a key from or standard input if this
72option is not specified. If the key is encrypted a pass phrase will be
73prompted for.
74
75=item B<-passin arg>
76
77The input file password source. For more information about the format of B<arg>
78see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
79
80=item B<-out filename>
81
82This specifies the output filename to write a key to or standard output by
83is not specified. If any encryption options are set then a pass phrase will be
84prompted for. The output filename should B<not> be the same as the input
85filename.
86
87=item B<-passout arg>
88
89The output file password source. For more information about the format of B<arg>
90see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
91
92=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
93
94These options encrypt the private key with the specified
95cipher before outputting it. A pass phrase is prompted for.
96If none of these options is specified the key is written in plain text. This
97means that using the B<dsa> utility to read in an encrypted key with no
98encryption option can be used to remove the pass phrase from a key, or by
99setting the encryption options it can be use to add or change the pass phrase.
100These options can only be used with PEM format output files.
101
102=item B<-text>
103
104Prints out the public, private key components and parameters.
105
106=item B<-noout>
107
108This option prevents output of the encoded version of the key.
109
110=item B<-modulus>
111
112This option prints out the value of the public key component of the key.
113
114=item B<-pubin>
115
116By default, a private key is read from the input file. With this option a
117public key is read instead.
118
119=item B<-pubout>
120
121By default, a private key is output. With this option a public
122key will be output instead. This option is automatically set if the input is
123a public key.
124
125=item B<-engine id>
126
127Specifying an engine (by its unique B<id> string) will cause B<dsa>
128to attempt to obtain a functional reference to the specified engine,
129thus initialising it if needed. The engine will then be set as the default
130for all available algorithms.
131
132=back
133
134=head1 NOTES
135
136The PEM private key format uses the header and footer lines:
137
138 -----BEGIN DSA PRIVATE KEY-----
139 -----END DSA PRIVATE KEY-----
140
141The PEM public key format uses the header and footer lines:
142
143 -----BEGIN PUBLIC KEY-----
144 -----END PUBLIC KEY-----
145
146=head1 EXAMPLES
147
148To remove the pass phrase on a DSA private key:
149
150 openssl dsa -in key.pem -out keyout.pem
151
152To encrypt a private key using triple DES:
153
154 openssl dsa -in key.pem -des3 -out keyout.pem
155
156To convert a private key from PEM to DER format:
157
158 openssl dsa -in key.pem -outform DER -out keyout.der
159
160To print out the components of a private key to standard output:
161
162 openssl dsa -in key.pem -text -noout
163
164To just output the public part of a private key:
165
166 openssl dsa -in key.pem -pubout -out pubkey.pem
167
168=head1 SEE ALSO
169
170L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>,
171L<genrsa(1)>
172
173=head1 COPYRIGHT
174
175Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
176
177Licensed under the OpenSSL license (the "License").  You may not use
178this file except in compliance with the License.  You can obtain a copy
179in the file LICENSE in the source distribution or at
180L<https://www.openssl.org/source/license.html>.
181
182=cut
183