If just gost2001 is specified a parameter set should be specified by -pkeyopt paramset:X -pkeyopt opt:value ec:filename generates EC key (usable both with ECDSA or ECDH algorithms), gost2001:filename generates GOST R 34.10-2001 key (requires ccgost engine configured in the configuration file). algname just uses algorithm algname, and parameters, if neccessary should be specified via -pkeyopt parameter.ĭsa:filename generates a DSA key using the parameters in the file filename. algname:file use algorithm algname and parameter file file: the two algorithms must match or an error occurs. Param:file generates a key using the parameter file or certificate file, the algorithm is determined by the parameters. newkey rsa specified, the default key size, specified in the configuration file is used.Īll other algorithms support the -newkey alg:file form, where file may be an algorithm parameter file, created by the genpkey -genparam command or and X.509 certificate for a key with approriate algorithm. rsa:nbits, where nbits is the number of bits, generates an RSA key nbits in size. This option creates a new certificate request and a new private key. The separator is for MS-Windows,, for OpenVMS, and : for all others. Multiple files can be specified separated by a OS-dependent character. rand file(s)Ī file or files containing random data used to seed the random number generator, or an EGD socket (see RAND_egd(3)). The arg must be formatted as /type0=value0/type1=value1/type2=., characters may be escaped by \ (backslash), no spaces are skipped. Replaces subject field of input request with specified data and outputs modified request. If the -key option is not used it will generate a new RSA private key using information specified in the configuration file.
The actual fields prompted for and their maximum and minimum sizes are specified in the configuration file and any requested extensions. It will prompt the user for the relevant field values. This option generates a new certificate request. This option prints out the value of the modulus of the public key contained in the request. This option prevents output of the encoded version of the request. Prints out the request subject (or certificate subject if -x509 is specified) -pubkey Prints out the certificate request in text form. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1). This specifies the output filename to write to or standard output by default. A request is only read if the creation options ( -new and -newkey) are not specified. This specifies the input filename to read a request from or standard input if this option is not specified. This specifies the output format, the options have the same meaning as the -inform option.
The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines. The DER option uses an ASN1 DER encoded form compatible with the PKCS#10. It can additionally create self signed certificates for use as root CAs for example. The req command primarily creates and processes certificate requests in PKCS#10 format. Openssl-req, req - PKCS#10 certificate request and certificate generating utility.
0 kommentar(er)
