openssl-gendsa(1ssl) - Man pages

dwww Home | Manual pages | Find package
OPENSSL-GENDSA(1SSL)                OpenSSL               OPENSSL-GENDSA(1SSL)

NAME
       openssl-gendsa - generate a DSA private key from a set of parameters

SYNOPSIS
       openssl gendsa [-help] [-out filename] [-passout arg] [-aes128]
       [-aes192] [-aes256] [-aria128] [-aria192] [-aria256] [-camellia128]
       [-camellia192] [-camellia256] [-des] [-des3] [-idea] [-verbose] [-rand
       files] [-writerand file] [-engine id] [-provider name] [-provider-path
       path] [-propquery propq] [paramfile]

DESCRIPTION
       This command generates a DSA private key from a DSA parameter file
       (which will be typically generated by the openssl-dsaparam(1) command).

OPTIONS
       -help
           Print out a usage message.

       -out filename
           Output  the  key  to  the  specified  file. If this argument is not
           specified then standard output is used.

       -passout arg
           The    passphrase    used    for    the    output    file.      See
           openssl-passphrase-options(1).

       -aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128,
       -camellia192, -camellia256, -des, -des3, -idea
           These  options encrypt the private key with specified cipher before
           outputting it. A pass phrase is prompted for.   If  none  of  these
           options is specified no encryption is used.

           Note  that all options must be given before the paramfile argument.
           Otherwise they are ignored.

       -verbose
           Print extra details about the operations being performed.

       -rand files, -writerand file
           See "Random State Options" in openssl(1) for details.

       -engine id
           See "Engine Options" in openssl(1).  This option is deprecated.

       paramfile
           The DSA  parameter  file  to  use.  The  parameters  in  this  file
           determine  the  size  of  the  private  key.  DSA parameters can be
           generated and examined using the openssl-dsaparam(1) command.

       -provider name
       -provider-path path
       -propquery propq
           See "Provider Options" in openssl(1), provider(7), and property(7).

NOTES
       DSA key generation is little more than random number generation  so  it
       is much quicker that RSA key generation for example.

SEE ALSO
       openssl(1),  openssl-genpkey(1),  openssl-dsaparam(1),  openssl-dsa(1),
       openssl-genrsa(1), openssl-rsa(1)

HISTORY
       The -engine option was deprecated in OpenSSL 3.0.

COPYRIGHT
       Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in   the   file   LICENSE   in   the   source   distribution   or    at
       <https://www.openssl.org/source/license.html>.

3.0.13                            2025-09-18              OPENSSL-GENDSA(1SSL)
Generated by dwww version 1.16 on Tue Dec 16 14:24:43 CET 2025.