mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
73 lines
1.4 KiB
Plaintext
73 lines
1.4 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
gendh - DH parameter generation
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
B<openssl gendh>
|
|
[B<-out filename>]
|
|
[B<-2>]
|
|
[B<-5>]
|
|
[B<-rand file:file>]
|
|
[numbits]
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
This command is used to generate DH parameter files.
|
|
|
|
=head1 OPTIONS
|
|
|
|
=over 4
|
|
|
|
=item B<-out filename>
|
|
|
|
This specifies the output filename parameters to. Standard output is used
|
|
if this option is not present. The output format is a base64 encoded form of
|
|
a PKCS#5 DHParameter structure.
|
|
|
|
=item B<-2>, B<-5>
|
|
|
|
The generator to use, either 2 or 5. 2 is the default.
|
|
|
|
=item B<-rand file:file>
|
|
|
|
a file or files containing random data used to seed the random number
|
|
generator. Multiple files can be specified separated by B<:>.
|
|
|
|
=item B<numbits>
|
|
|
|
this option specifies that a parameter set should be generated of size
|
|
B<numbits>. It must be the last option. If not present then a value of 512
|
|
is used.
|
|
|
|
=back
|
|
|
|
=head1 NOTES
|
|
|
|
PEM format DH parameters use the header and footer lines:
|
|
|
|
-----BEGIN DH PARAMETERS-----
|
|
-----END DH PARAMETERS-----
|
|
|
|
DH parameter generation is a slow process and as a result the same set of
|
|
DH parameters is often reused.
|
|
|
|
OpenSSL currently uses PKCS#3 DH not the more recent X9.42 DH.
|
|
|
|
This program creates DH parameters only, not DH keys.
|
|
|
|
=head1 BUGS
|
|
|
|
The program is badly named. The programs B<gendsa> and B<genrsa> generate
|
|
actual keys and not parameters.
|
|
|
|
There should be a way to generate and manipulate DH keys.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
dsaparam(1)
|
|
|
|
=cut
|