LinuxCommandLibrary

ecparam.1s

Generate or display elliptic curve parameters

SYNOPSIS

ecparam [-help] [-in file] [-inform DER|PEM] [-out file] [-outform DER|PEM] [-noout] [-text] [-param_enc named|implicit|explicit] [-name name] [-conv_form compressed|uncompressed|hybrid] [-check] [-genkey] [-list_curves] [nid]

PARAMETERS

-help
    Display usage information and exit

-in file
    Input file containing EC parameters

-inform DER|PEM
    Input format; default is PEM

-noout
    Do not output encoded parameters

-out file
    Output file for parameters or key

-outform DER|PEM
    Output format; default is PEM

-param_enc named|implicit|explicit
    Parameter encoding; default named

-name name
    Specify curve by name (e.g., secp256r1)

-conv_form compressed|uncompressed|hybrid
    Point conversion form for generator

-check
    Validate EC parameters

-text
    Print parameters in human-readable text

-genkey
    Generate EC private key from parameters

-list_curves
    List all supported elliptic curves

nid
    Curve NID or name as final argument

DESCRIPTION

The ecparam command, part of the OpenSSL toolkit, is used to create, view, validate, and manipulate elliptic curve (EC) parameters essential for elliptic curve cryptography (ECC). ECC provides efficient public-key cryptography with smaller key sizes compared to RSA.

It supports generating parameters for named curves like prime256v1, secp384r1, or secp521r1, printing them in human-readable text or encoded formats (PEM/DER), and generating private keys from parameters. Key features include listing all built-in curves, converting parameter encodings (named, explicit), and validating curve properties.

Common use cases involve setting up secure TLS configurations, creating ECDSA/ECDH keys, or extracting parameters from certificates. Output can be directed to files for use with other OpenSSL tools. The command ensures compatibility with standards like NIST and SECG curves, making it vital for cryptographic applications in Linux environments.

COMMON USAGE

ecparam -list_curves lists curves.
ecparam -name prime256v1 -genkey -out key.pem generates a P-256 key.
ecparam -in params.pem -text -noout displays parameters.

HISTORY

Introduced in OpenSSL 0.9.8 (2005) with initial EC support; enhanced in OpenSSL 1.0.0+ for more curves and formats. Became standalone binary in OpenSSL 3.0 (2021) provider model.

SEE ALSO

openssl(1), genpkey(1), ec(1), x509(1)

Copied to clipboard