]>
Commit | Line | Data |
---|---|---|
ef7eaa4c | 1 | =pod |
625c781d | 2 | {- OpenSSL::safe::output_do_not_edit_headers(); -} |
9fcb9702 | 3 | |
ef7eaa4c DSH |
4 | =head1 NAME |
5 | ||
b6b66573 | 6 | openssl-dhparam - DH parameter manipulation and generation |
ef7eaa4c DSH |
7 | |
8 | =head1 SYNOPSIS | |
9 | ||
41918458 | 10 | B<openssl dhparam> |
169394d4 | 11 | [B<-help>] |
e8769719 RS |
12 | [B<-inform> B<DER>|B<PEM>] |
13 | [B<-outform> B<DER>|B<PEM>] | |
41918458 BM |
14 | [B<-in> I<filename>] |
15 | [B<-out> I<filename>] | |
16 | [B<-dsaparam>] | |
fc1d88f0 | 17 | [B<-check>] |
ef7eaa4c DSH |
18 | [B<-noout>] |
19 | [B<-text>] | |
20 | [B<-C>] | |
09483c58 | 21 | [B<-2>] |
a38c878c | 22 | [B<-3>] |
09483c58 | 23 | [B<-5>] |
018aaeb4 | 24 | {- $OpenSSL::safe::opt_engine_synopsis -} |
9fcb9702 | 25 | {- $OpenSSL::safe::opt_r_synopsis -} |
6bd4e3f2 | 26 | {- $OpenSSL::safe::opt_provider_synopsis -} |
41918458 | 27 | [I<numbits>] |
ef7eaa4c | 28 | |
9f3c076b | 29 | =for openssl ifdef dsaparam engine |
1738c0ce | 30 | |
ef7eaa4c DSH |
31 | =head1 DESCRIPTION |
32 | ||
1ddf2594 P |
33 | This command has been deprecated. |
34 | The L<openssl-pkeyparam(1)> command should be used instead. | |
35 | ||
ef7eaa4c DSH |
36 | This command is used to manipulate DH parameter files. |
37 | ||
38 | =head1 OPTIONS | |
39 | ||
40 | =over 4 | |
41 | ||
169394d4 MR |
42 | =item B<-help> |
43 | ||
44 | Print out a usage message. | |
45 | ||
777182a0 | 46 | =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> |
ef7eaa4c | 47 | |
777182a0 RS |
48 | The input format and output format; the default is B<PEM>. |
49 | The object is compatible with the PKCS#3 B<DHparameter> structure. | |
50 | See L<openssl(1)/Format Options> for details. | |
ef7eaa4c | 51 | |
41918458 | 52 | =item B<-in> I<filename> |
ef7eaa4c DSH |
53 | |
54 | This specifies the input filename to read parameters from or standard input if | |
55 | this option is not specified. | |
56 | ||
41918458 | 57 | =item B<-out> I<filename> |
ef7eaa4c DSH |
58 | |
59 | This specifies the output filename parameters to. Standard output is used | |
60 | if this option is not present. The output filename should B<not> be the same | |
61 | as the input filename. | |
62 | ||
41918458 BM |
63 | =item B<-dsaparam> |
64 | ||
65 | If this option is used, DSA rather than DH parameters are read or created; | |
66 | they are converted to DH format. Otherwise, "strong" primes (such | |
67 | that (p-1)/2 is also prime) will be used for DH parameter generation. | |
68 | ||
69 | DH parameter generation with the B<-dsaparam> option is much faster, | |
70 | and the recommended exponent length is shorter, which makes DH key | |
71 | exchange more efficient. Beware that with such DSA-style DH | |
72 | parameters, a fresh DH key should be created for each use to | |
73 | avoid small-subgroup attacks that may be possible otherwise. | |
74 | ||
fc1d88f0 RS |
75 | =item B<-check> |
76 | ||
eeb21772 MC |
77 | Performs numerous checks to see if the supplied parameters are valid and |
78 | displays a warning if not. | |
fc1d88f0 | 79 | |
a38c878c | 80 | =item B<-2>, B<-3>, B<-5> |
09483c58 | 81 | |
a38c878c | 82 | The generator to use, either 2, 3 or 5. If present then the |
b5a379aa | 83 | input file is ignored and parameters are generated instead. If not |
2f0ea936 | 84 | present but I<numbits> is present, parameters are generated with the |
b5a379aa | 85 | default generator 2. |
09483c58 | 86 | |
41918458 | 87 | =item I<numbits> |
09483c58 | 88 | |
c4de074e | 89 | This option specifies that a parameter set should be generated of size |
b5a379aa EK |
90 | I<numbits>. It must be the last option. If this option is present then |
91 | the input file is ignored and parameters are generated instead. If | |
6de1fe90 | 92 | this option is not present but a generator (B<-2>, B<-3> or B<-5>) is |
b5a379aa | 93 | present, parameters are generated with a default length of 2048 bits. |
6de1fe90 | 94 | The minimim length is 512 bits. The maximum length is 10000 bits. |
09483c58 | 95 | |
ef7eaa4c DSH |
96 | =item B<-noout> |
97 | ||
c4de074e | 98 | This option inhibits the output of the encoded version of the parameters. |
ef7eaa4c DSH |
99 | |
100 | =item B<-text> | |
101 | ||
c4de074e | 102 | This option prints out the DH parameters in human readable form. |
ef7eaa4c DSH |
103 | |
104 | =item B<-C> | |
105 | ||
c4de074e | 106 | This option converts the parameters into C code. The parameters can then |
bbd86bf5 | 107 | be loaded by calling the get_dhNNNN() function. |
ef7eaa4c | 108 | |
018aaeb4 | 109 | {- $OpenSSL::safe::opt_engine_item -} |
bfa35550 | 110 | |
9fcb9702 RS |
111 | {- $OpenSSL::safe::opt_r_item -} |
112 | ||
6bd4e3f2 P |
113 | {- $OpenSSL::safe::opt_provider_item -} |
114 | ||
ef7eaa4c DSH |
115 | =back |
116 | ||
117 | =head1 NOTES | |
118 | ||
fadb57e5 RS |
119 | This command replaces the B<dh> and B<gendh> commands of previous |
120 | releases. | |
121 | ||
ef7eaa4c DSH |
122 | OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 |
123 | DH. | |
124 | ||
fadb57e5 | 125 | This command manipulates DH parameters not keys. |
ef7eaa4c DSH |
126 | |
127 | =head1 BUGS | |
128 | ||
ef7eaa4c DSH |
129 | There should be a way to generate and manipulate DH keys. |
130 | ||
131 | =head1 SEE ALSO | |
132 | ||
b6b66573 | 133 | L<openssl(1)>, |
1ddf2594 | 134 | L<openssl-pkeyparam(1)>, |
b6b66573 | 135 | L<openssl-dsaparam(1)> |
ef7eaa4c | 136 | |
1ddf2594 P |
137 | =head1 HISTORY |
138 | ||
139 | This command was deprecated in OpenSSL 3.0. | |
140 | ||
e2f92610 RS |
141 | =head1 COPYRIGHT |
142 | ||
33388b44 | 143 | Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 144 | |
449040b4 | 145 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
146 | this file except in compliance with the License. You can obtain a copy |
147 | in the file LICENSE in the source distribution or at | |
148 | L<https://www.openssl.org/source/license.html>. | |
149 | ||
150 | =cut |