mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-07 08:56:17 +08:00
247 lines
8.2 KiB
Plaintext
247 lines
8.2 KiB
Plaintext
=pod
|
||
|
||
=encoding utf8
|
||
|
||
=head1 NAME
|
||
|
||
ec - EC key processing
|
||
|
||
=head1 SYNOPSIS
|
||
|
||
B<gmssl> B<ec>
|
||
[B<-help>]
|
||
[B<-inform PEM|DER>]
|
||
[B<-outform PEM|DER>]
|
||
[B<-in filename>]
|
||
[B<-passin arg>]
|
||
[B<-out filename>]
|
||
[B<-passout arg>]
|
||
[B<-des>]
|
||
[B<-des3>]
|
||
[B<-sms4>]
|
||
[B<-text>]
|
||
[B<-noout>]
|
||
[B<-param_out>]
|
||
[B<-pubin>]
|
||
[B<-pubout>]
|
||
[B<-conv_form arg>]
|
||
[B<-param_enc arg>]
|
||
[B<-no_public>]
|
||
[B<-check>]
|
||
[B<-engine id>]
|
||
|
||
=head1 DESCRIPTION
|
||
|
||
The B<ec> command processes EC keys. They can be converted between various
|
||
forms and their components printed out. B<Note> GmSSL uses the
|
||
private key format specified in 'SEC 1: Elliptic Curve Cryptography'
|
||
(http://www.secg.org/). To convert an GmSSL EC private key into the
|
||
PKCS#8 private key format use the B<pkcs8> command.
|
||
|
||
ec命令处理EC密钥。 它们可以在各种形式之间进行转换,并将其组件打印出来。 注意GmSSL使用“SEC 1:椭圆曲线加密”(http://www.secg.org/)中指定的私钥格式。 要将GmSSL EC私钥转换为PKCS#8私钥格式,请使用pkcs8命令。
|
||
|
||
=head1 OPTIONS
|
||
|
||
=over 4
|
||
|
||
=item B<-help>
|
||
|
||
Print out a usage message.
|
||
|
||
输出使用信息。
|
||
|
||
=item B<-inform DER|PEM>
|
||
|
||
This specifies the input format. The B<DER> option with a private key uses
|
||
an ASN.1 DER encoded SEC1 private key. When used with a public key it
|
||
uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
|
||
The B<PEM> form is the default format: it consists of the B<DER> format base64
|
||
encoded with additional header and footer lines. In the case of a private key
|
||
PKCS#8 format is also accepted.
|
||
|
||
该指令指出了输入文件格式。DER选项是一个私钥,它用ASN.1 DER编码的SEC1私钥文件。当为公钥时,用RFC3280指定的SubjectPublicKeyInfo结构。默认的是PEM格式,它也接受PKCS#8格式的私钥。
|
||
|
||
=item B<-outform DER|PEM>
|
||
|
||
This specifies the output format, the options have the same meaning as the
|
||
B<-inform> option.
|
||
|
||
该指令指出了输出格式。与-inform指令意义相同。
|
||
|
||
=item B<-in filename>
|
||
|
||
This specifies the input filename to read a key from or standard input if this
|
||
option is not specified. If the key is encrypted a pass phrase will be
|
||
prompted for.
|
||
|
||
如果未指定此选项,则指定从或从标准输入读取密钥的输入文件名。 如果密钥加密,将提示输入密码。
|
||
|
||
=item B<-passin arg>
|
||
|
||
the input file password source. For more information about the format of B<arg>
|
||
see the B<PASS PHRASE ARGUMENTS> section in L<gmssl(1)>.
|
||
|
||
指定私钥包含口令存放方式。
|
||
|
||
=item B<-out filename>
|
||
|
||
This specifies the output filename to write a key to or standard output by
|
||
is not specified. If any encryption options are set then a pass phrase will be
|
||
prompted for. The output filename should B<not> be the same as the input
|
||
filename.
|
||
|
||
这指定了未指定要写入或输出的标准输出的输出文件名。 如果设置了任何加密选项,则会提示输入密码。 输出文件名不能与输入文件名相同。
|
||
|
||
=item B<-passout arg>
|
||
|
||
the output file password source. For more information about the format of B<arg>
|
||
see the B<PASS PHRASE ARGUMENTS> section in L<gmssl(1)>.
|
||
|
||
输出文件口令保护存放方式。
|
||
|
||
=item B<-des|-des3|-sms4>
|
||
|
||
These options encrypt the private key with the DES, triple DES, SMS4 or
|
||
any other cipher supported by GmSSL before outputting it. A pass phrase is
|
||
prompted for.
|
||
If none of these options is specified the key is written in plain text. This
|
||
means that using the B<ec> utility to read in an encrypted key with no
|
||
encryption option can be used to remove the pass phrase from a key, or by
|
||
setting the encryption options it can be use to add or change the pass phrase.
|
||
These options can only be used with PEM format output files.
|
||
|
||
这些选项在输出之前,使用DES,三重DES,SMS4或GmSSL支持的任何其他密码加密私钥。 提示通行短语。 如果没有指定这些选项,则键将以纯文本形式写入。 这意味着使用ec实用程序读取加密密钥,无加密选项可用于从密钥中删除密码短语,或通过设置可用于添加或更改密码短语的加密选项。 这些选项只能用于PEM格式的输出文件。
|
||
|
||
=item B<-text>
|
||
|
||
prints out the public, private key components and parameters.
|
||
|
||
输出公钥和私钥的组成参数。
|
||
|
||
=item B<-noout>
|
||
|
||
this option prevents output of the encoded version of the key.
|
||
|
||
不输出密钥信息。
|
||
|
||
=item B<-modulus>
|
||
|
||
this option prints out the value of the public key component of the key.
|
||
|
||
该选项输出公钥组件值。
|
||
|
||
=item B<-pubin>
|
||
|
||
by default a private key is read from the input file: with this option a
|
||
public key is read instead.
|
||
|
||
默认读取为私钥,输入该指令后,从输入文件中读取公钥。
|
||
|
||
=item B<-pubout>
|
||
|
||
by default a private key is output. With this option a public
|
||
key will be output instead. This option is automatically set if the input is
|
||
a public key.
|
||
|
||
输入该指令后,公钥值到输出文件中。默认保存私钥到输出文件。如果输入是公钥该选项将自动设置。
|
||
|
||
=item B<-conv_form>
|
||
|
||
This specifies how the points on the elliptic curve are converted
|
||
into octet strings. Possible values are: B<compressed> (the default
|
||
value), B<uncompressed> and B<hybrid>. For more information regarding
|
||
the point conversion forms please read the X9.62 standard.
|
||
B<Note> Due to patent issues the B<compressed> option is disabled
|
||
by default for binary curves and can be enabled by defining
|
||
the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
|
||
|
||
这指定椭圆曲线上的点如何转换为八位字节串。 可能的值有:压缩(默认值),未压缩和混合。 有关点转换表单的更多信息,请阅读X9.62标准。 注意由于专利问题,压缩选项默认情况下禁用二进制曲线,并且可以通过在编译时定义预处理器宏OPENSSL_EC_BIN_PT_COMP来启用。
|
||
|
||
=item B<-param_enc arg>
|
||
|
||
This specifies how the elliptic curve parameters are encoded.
|
||
Possible value are: B<named_curve>, i.e. the ec parameters are
|
||
specified by an OID, or B<explicit> where the ec parameters are
|
||
explicitly given (see RFC 3279 for the definition of the
|
||
EC parameters structures). The default value is B<named_curve>.
|
||
B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
|
||
is currently not implemented in GmSSL.
|
||
|
||
这指定椭圆曲线参数的编码方式。 可能的值为:named_curve,即ec参数由OID指定,或显式指定ec参数(参见RFC 3279以了解EC参数结构的定义)。 默认值为named_curve。 注意,如RFC 3279所述,implicitlyCA替代方案目前尚未在GmSSL中实现
|
||
|
||
=item B<-no_public>
|
||
|
||
This option omits the public key components from the private key output.
|
||
|
||
该指令省略了私钥输出中的公钥组件。
|
||
|
||
=item B<-check>
|
||
|
||
this option checks the consistency of an EC private or public key.
|
||
|
||
该指令检查了EC私钥或公钥的一致性。
|
||
|
||
=item B<-engine id>
|
||
|
||
specifying an engine (by its unique B<id> string) will cause B<ec>
|
||
to attempt to obtain a functional reference to the specified engine,
|
||
thus initialising it if needed. The engine will then be set as the default
|
||
for all available algorithms.
|
||
|
||
指定引擎。
|
||
|
||
=back
|
||
|
||
=head1 NOTES
|
||
|
||
The PEM private key format uses the header and footer lines:
|
||
|
||
-----BEGIN EC PRIVATE KEY-----
|
||
-----END EC PRIVATE KEY-----
|
||
|
||
The PEM public key format uses the header and footer lines:
|
||
|
||
-----BEGIN PUBLIC KEY-----
|
||
-----END PUBLIC KEY-----
|
||
|
||
=head1 EXAMPLES
|
||
|
||
To encrypt a private key using triple DES:
|
||
|
||
gmssl ec -in key.pem -des3 -out keyout.pem
|
||
|
||
To convert a private key from PEM to DER format:
|
||
|
||
gmssl ec -in key.pem -outform DER -out keyout.der
|
||
|
||
To print out the components of a private key to standard output:
|
||
|
||
gmssl ec -in key.pem -text -noout
|
||
|
||
To just output the public part of a private key:
|
||
|
||
gmssl ec -in key.pem -pubout -out pubkey.pem
|
||
|
||
To change the parameters encoding to B<explicit>:
|
||
|
||
gmssl ec -in key.pem -param_enc explicit -out keyout.pem
|
||
|
||
To change the point conversion form to B<compressed>:
|
||
|
||
gmssl ec -in key.pem -conv_form compressed -out keyout.pem
|
||
|
||
=head1 SEE ALSO
|
||
|
||
L<ecparam(1)>, L<dsa(1)>, L<rsa(1)>
|
||
|
||
=head1 COPYRIGHT
|
||
|
||
Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||
|
||
Licensed under the GmSSL license (the "License"). You may not use
|
||
this file except in compliance with the License. You can obtain a copy
|
||
in the file LICENSE in the source distribution or at
|
||
L<https://www.openssl.org/source/license.html>.
|
||
|
||
=cut
|