LinuxCommandLibrary

pkeyparam.1s

View or generate public key parameters

SYNOPSIS

pkeyparam [options] [input_file]
pkeyparam --help

PARAMETERS

input_file
    The path to the file containing the public key parameters or a public key from which parameters can be extracted. If omitted, input is read from standard input (stdin).

--in FILE
    Specifies the input file from which to read the public key parameters. This option can be used as an alternative to providing the file as a positional argument.

--inform FORMAT
    Specifies the input format of the key file. Common formats include PEM (Privacy-Enhanced Mail, default) and DER (Distinguished Encoding Rules). PEM is a base64-encoded ASCII format, while DER is a binary format.

--dump
    Prints the parameters in hexadecimal format, useful for low-level debugging or direct analysis of the encoded data.

--noout
    Prevents the command from printing the encoded key or parameter data itself, focusing solely on the extracted parameters if other display options are used.

--text
    Outputs the parameters in a human-readable text format, typically showing the cryptographic values (p, g, q, etc.) in decimal or hexadecimal representation. This is often the default output style.

--help
    Displays a brief usage message and exits.

DESCRIPTION

The pkeyparam command (often found as pki_pkeyparam in various PKI toolsets) is a utility designed to inspect and display the cryptographic parameters associated with a public key. These parameters are crucial for asymmetric cryptographic algorithms such as Diffie-Hellman (DH) and the Digital Signature Algorithm (DSA), where a set of shared parameters (e.g., a prime modulus, a generator, and optionally a subprime) is used to derive individual public and private keys. The command typically reads the key or parameter set from a specified file, which can be in a standard format such as PEM or DER. It then parses the cryptographic structure to extract and present the relevant parameters, such as the prime 'p', the generator 'g', and optionally a subprime 'q' for DSA. This tool is invaluable for verifying key parameters, debugging cryptographic operations, or ensuring compatibility between different cryptographic systems that rely on shared parameter sets.

CAVEATS

The pkeyparam command, as referred to by pkeyparam.1s, is not a standard GNU Core Utilities command. It is most commonly found as pki_pkeyparam within specific PKI (Public Key Infrastructure) toolsets, such as those provided by Dogtag PKI or other specialized security frameworks on Linux distributions like Fedora, CentOS, or RHEL. Its availability depends on whether such specialized security packages are installed. Users on other systems might need to look for equivalent functionality in general-purpose cryptographic tools like openssl (e.g., openssl dhparam or openssl dsaparam for generating or examining parameters) or other cryptographic libraries.

SUPPORTED KEY PARAMETER TYPES

The pkeyparam command is primarily designed to handle parameters for algorithms like Diffie-Hellman (DH) and the Digital Signature Algorithm (DSA). These algorithms require a set of shared public parameters (e.g., prime modulus 'p', generator 'g', and for DSA, an optional subprime 'q') that is used by all parties to derive their individual public/private key pairs. The command helps in verifying that these parameters are correctly configured and shared across cryptographic systems.

INPUT FILE FORMATS

The command typically accepts key parameter files in common cryptographic formats such as PEM (Privacy-Enhanced Mail) and DER (Distinguished Encoding Rules). PEM is a base64-encoded ASCII format, often human-readable and enclosed by '-----BEGIN ...-----' and '-----END ...-----' markers. DER is a binary format that represents the same data in a more compact, machine-readable form. The --inform option allows specifying the format if it cannot be automatically detected, though the command often attempts to auto-detect.
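The PEM/DER relationship described above, as an added example that is not part of pkeyparam or of the original page: a small Python reader that unwraps PEM armor when present, walks the DER SEQUENCE of INTEGERs, and reports the size of the prime. The function names, the toy sample parameters, and the 2048-bit threshold are assumptions made for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed toy sample (32-bit prime, far too small for real use): SEQUENCE { p, g }
SAMPLE_DER = bytes.fromhex("300a020500fffffffb020102")
SAMPLE_PEM = (b"-----BEGIN DH PARAMETERS-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END DH PARAMETERS-----\n")

def to_der(data):
    """Return DER bytes, unwrapping PEM armor when BEGIN/END markers are present."""
    m = PEM_RE.search(data)
    return base64.b64decode(m.group(2)) if m else data

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def parse_params(data):
    """Return the INTEGERs of a parameter SEQUENCE: DH is [p, g], DSA is [p, q, g]."""
    tag, body, _ = read_tlv(to_der(data), 0)
    if tag != 0x30:
        raise ValueError("expected a SEQUENCE")
    ints, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected an INTEGER")
        ints.append(int.from_bytes(value, "big", signed=True))
    return ints

def prime_too_small(ints, min_bits=2048):  # min_bits is an assumed policy threshold
    return ints[0].bit_length() < min_bits

if __name__ == "__main__":
    p, g = parse_params(SAMPLE_PEM)
    print(f"p = {p:#x} ({p.bit_length()} bits), g = {g}, weak = {prime_too_small([p, g])}")
```

The leading 0x00 byte in the sample's encoding of p is what keeps a prime with its top bit set from being read as a negative INTEGER.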

HISTORY

The functionality to display public key parameters has been a core component of cryptographic toolkits for decades, stemming from the need to manage and verify shared parameters for algorithms like Diffie-Hellman and DSA. The specific pkeyparam (or more commonly, pki_pkeyparam) command emerged as part of dedicated Public Key Infrastructure (PKI) management suites, particularly those developed to support enterprise-level certificate authority and identity management systems. Its development parallels the growth of robust PKI solutions, providing a specialized utility distinct from the broader key management functions offered by general-purpose tools like OpenSSL.

SEE ALSO

openssl(1), openssl dhparam(1), openssl dsaparam(1), pki_key(1)
