Tag | Description |
---|---|
-des|-des3|-idea | These options encrypt the private key with the DES, triple DES, or the IDEA ciphers respectively before outputting it. A pass phrase is prompted for. If none of these options is specified no encryption is used. |
-rand file(s) | a file or files containing random data used to seed the random number generator, or an EGD socket (see RAND_egd(3)). Multiple files can be specified separated by a OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others. |
-engine id | specifying an engine (by its unique id string) will cause req to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. |
paramfile | This option specifies the DSA parameter file to use. The parameters in this file determine the size of the private key. DSA parameters can be generated and examined using the openssl dsaparam command. |
Below example shows creation of DSA key pair and certificate
$ openssl dsaparam -out dsaparam.pem 2048
$ openssl gendsa -des -out dsaprivkey.pem dsaparam.pem Generating DSA key, 2048 bits Enter PEM pass phrase: Verifying - Enter PEM pass phrase:
$ openssl dsa -in dsaprivkey.pem -outform DER -pubout -out dsapubkey.der read DSA key Enter pass phrase for dsaprivkey.pem: writing DSA key
$ openssl pkcs8 -topk8 -inform PEM -outform DER -in dsaprivkey.pem -out dsaprivkey.der -nocrypt Enter pass phrase for dsaprivkey.pem:
$ openssl req -new -x509 -key dsaprivkey.pem -out dsacert.pem Enter pass phrase for dsaprivkey.pem: