=pod =encoding utf8 =head1 NAME ec - EC key processing =head1 SYNOPSIS B B [B<-help>] [B<-inform PEM|DER>] [B<-outform PEM|DER>] [B<-in filename>] [B<-passin arg>] [B<-out filename>] [B<-passout arg>] [B<-des>] [B<-des3>] [B<-sms4>] [B<-text>] [B<-noout>] [B<-param_out>] [B<-pubin>] [B<-pubout>] [B<-conv_form arg>] [B<-param_enc arg>] [B<-no_public>] [B<-check>] [B<-engine id>] =head1 DESCRIPTION The B command processes EC keys. They can be converted between various forms and their components printed out. B GmSSL uses the private key format specified in 'SEC 1: Elliptic Curve Cryptography' (http://www.secg.org/). To convert an GmSSL EC private key into the PKCS#8 private key format use the B command. ec命令处理EC密钥。 它们可以在各种形式之间进行转换,并将其组件打印出来。 注意GmSSL使用“SEC 1:椭圆曲线加密”(http://www.secg.org/)中指定的私钥格式。 要将GmSSL EC私钥转换为PKCS#8私钥格式,请使用pkcs8命令。 =head1 OPTIONS =over 4 =item B<-help> Print out a usage message. 输出使用信息。 =item B<-inform DER|PEM> This specifies the input format. The B option with a private key uses an ASN.1 DER encoded SEC1 private key. When used with a public key it uses the SubjectPublicKeyInfo structure as specified in RFC 3280. The B form is the default format: it consists of the B format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted. 该指令指出了输入文件格式。DER选项是一个私钥,它用ASN.1 DER编码的SEC1私钥文件。当为公钥时,用RFC3280指定的SubjectPublicKeyInfo结构。默认的是PEM格式,它也接受PKCS#8格式的私钥。 =item B<-outform DER|PEM> This specifies the output format, the options have the same meaning as the B<-inform> option. 该指令指出了输出格式。与-inform指令意义相同。 =item B<-in filename> This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for. 如果未指定此选项,则指定从或从标准输入读取密钥的输入文件名。 如果密钥加密,将提示输入密码。 =item B<-passin arg> the input file password source. For more information about the format of B see the B section in L. 指定私钥包含口令存放方式。 =item B<-out filename> This specifies the output filename to write a key to or standard output by is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should B be the same as the input filename. 这指定了未指定要写入或输出的标准输出的输出文件名。 如果设置了任何加密选项,则会提示输入密码。 输出文件名不能与输入文件名相同。 =item B<-passout arg> the output file password source. For more information about the format of B see the B section in L. 输出文件口令保护存放方式。 =item B<-des|-des3|-sms4> These options encrypt the private key with the DES, triple DES, SMS4 or any other cipher supported by GmSSL before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the B utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with PEM format output files. 这些选项在输出之前,使用DES,三重DES,SMS4或GmSSL支持的任何其他密码加密私钥。 提示通行短语。 如果没有指定这些选项,则键将以纯文本形式写入。 这意味着使用ec实用程序读取加密密钥,无加密选项可用于从密钥中删除密码短语,或通过设置可用于添加或更改密码短语的加密选项。 这些选项只能用于PEM格式的输出文件。 =item B<-text> prints out the public, private key components and parameters. 输出公钥和私钥的组成参数。 =item B<-noout> this option prevents output of the encoded version of the key. 不输出密钥信息。 =item B<-modulus> this option prints out the value of the public key component of the key. 该选项输出公钥组件值。 =item B<-pubin> by default a private key is read from the input file: with this option a public key is read instead. 默认读取为私钥,输入该指令后,从输入文件中读取公钥。 =item B<-pubout> by default a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key. 输入该指令后,公钥值到输出文件中。默认保存私钥到输出文件。如果输入是公钥该选项将自动设置。 =item B<-conv_form> This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: B (the default value), B and B. For more information regarding the point conversion forms please read the X9.62 standard. B Due to patent issues the B option is disabled by default for binary curves and can be enabled by defining the preprocessor macro B at compile time. 这指定椭圆曲线上的点如何转换为八位字节串。 可能的值有:压缩(默认值),未压缩和混合。 有关点转换表单的更多信息,请阅读X9.62标准。 注意由于专利问题,压缩选项默认情况下禁用二进制曲线,并且可以通过在编译时定义预处理器宏OPENSSL_EC_BIN_PT_COMP来启用。 =item B<-param_enc arg> This specifies how the elliptic curve parameters are encoded. Possible value are: B, i.e. the ec parameters are specified by an OID, or B where the ec parameters are explicitly given (see RFC 3279 for the definition of the EC parameters structures). The default value is B. B the B alternative, as specified in RFC 3279, is currently not implemented in GmSSL. 这指定椭圆曲线参数的编码方式。 可能的值为:named_curve,即ec参数由OID指定,或显式指定ec参数(参见RFC 3279以了解EC参数结构的定义)。 默认值为named_curve。 注意,如RFC 3279所述,implicitlyCA替代方案目前尚未在GmSSL中实现 =item B<-no_public> This option omits the public key components from the private key output. 该指令省略了私钥输出中的公钥组件。 =item B<-check> this option checks the consistency of an EC private or public key. 该指令检查了EC私钥或公钥的一致性。 =item B<-engine id> specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. 指定引擎。 =back =head1 NOTES The PEM private key format uses the header and footer lines: -----BEGIN EC PRIVATE KEY----- -----END EC PRIVATE KEY----- The PEM public key format uses the header and footer lines: -----BEGIN PUBLIC KEY----- -----END PUBLIC KEY----- =head1 EXAMPLES To encrypt a private key using triple DES: gmssl ec -in key.pem -des3 -out keyout.pem To convert a private key from PEM to DER format: gmssl ec -in key.pem -outform DER -out keyout.der To print out the components of a private key to standard output: gmssl ec -in key.pem -text -noout To just output the public part of a private key: gmssl ec -in key.pem -pubout -out pubkey.pem To change the parameters encoding to B: gmssl ec -in key.pem -param_enc explicit -out keyout.pem To change the point conversion form to B: gmssl ec -in key.pem -conv_form compressed -out keyout.pem =head1 SEE ALSO L, L, L =head1 COPYRIGHT Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. Licensed under the GmSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L. =cut