[thirdparty/openssl.git] / doc / apps / dhparam.pod

=pod

=head1 NAME

dhparam - DH parameter manipulation and generation

=head1 SYNOPSIS

B<openssl dh>
[B<-inform DER|PEM>]
[B<-outform DER|PEM>]
[B<-in filename>]
[B<-out filename>]
[B<-noout>]
[B<-text>]
[B<-C>]
[B<-2>]
[B<-5>]
[B<-rand file(s)>]
[numbits]

=head1 DESCRIPTION

This command is used to manipulate DH parameter files.

=head1 OPTIONS

=over 4

=item B<-inform DER|PEM>

This specifies the input format. The B<DER> option uses an ASN1 DER encoded
form compatible with the PKCS#3 DHparameter structure. The PEM form is the
default format: it consists of the B<DER> format base64 encoded with
additional header and footer lines.

=item B<-outform DER|PEM>

This specifies the output format, the options have the same meaning as the 
B<-inform> option.

=item B<-in filename>

This specifies the input filename to read parameters from or standard input if
this option is not specified.

=item B<-out filename>

This specifies the output filename parameters to. Standard output is used
if this option is not present. The output filename should B<not> be the same
as the input filename.

=item B<-2>, B<-5>

The generator to use, either 2 or 5. 2 is the default. If present then the
input file is ignored and parameters are generated instead.

=item B<-rand file(s)>

a file or files containing random data used to seed the random number
generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
Multiple files can be specified separated by a OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
all others.

=item B<numbits>

this option specifies that a parameter set should be generated of size
B<numbits>. It must be the last option. If not present then a value of 512
is used. If this option is present then the input file is ignored and 
parameters are generated instead.

=item B<-noout>

this option inhibits the output of the encoded version of the parameters.

=item B<-text>

this option prints out the DH parameters in human readable form.

=item B<-C>

this option converts the parameters into C code. The parameters can then
be loaded by calling the B<get_dhXXX()> function.

=back

=head1 WARNINGS

The program B<dhparam> combines the functionality of the programs B<dh> and
B<gendh> in previous versions of OpenSSL and SSLeay. The B<dh> and B<gendh>
programs are retained for now but may have different purposes in future 
versions of OpenSSL.

=head1 NOTES

PEM format DH parameters use the header and footer lines:

 -----BEGIN DH PARAMETERS-----
 -----END DH PARAMETERS-----

OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42
DH.

This program manipulates DH parameters not keys.

=head1 BUGS

There should be a way to generate and manipulate DH keys.

=head1 SEE ALSO

L<dsaparam(1)|dsaparam(1)>

=cut
Commit	Line	Data
ef7eaa4c DSH	1	=pod
	2
	3	=head1 NAME
	4
09483c58	5	dhparam - DH parameter manipulation and generation
ef7eaa4c DSH	6
	7	=head1 SYNOPSIS
	8
	9	B<openssl dh>
	10	[B<-inform DER\|PEM>]
	11	[B<-outform DER\|PEM>]
	12	[B<-in filename>]
	13	[B<-out filename>]
	14	[B<-noout>]
	15	[B<-text>]
	16	[B<-C>]
09483c58 DSH	17	[B<-2>]
	18	[B<-5>]
	19	[B<-rand file(s)>]
	20	[numbits]
ef7eaa4c DSH	21
	22	=head1 DESCRIPTION
	23
	24	This command is used to manipulate DH parameter files.
	25
	26	=head1 OPTIONS
	27
	28	=over 4
	29
	30	=item B<-inform DER\|PEM>
	31
	32	This specifies the input format. The B<DER> option uses an ASN1 DER encoded
	33	form compatible with the PKCS#3 DHparameter structure. The PEM form is the
	34	default format: it consists of the B<DER> format base64 encoded with
	35	additional header and footer lines.
	36
	37	=item B<-outform DER\|PEM>
	38
	39	This specifies the output format, the options have the same meaning as the
	40	B<-inform> option.
	41
	42	=item B<-in filename>
	43
	44	This specifies the input filename to read parameters from or standard input if
	45	this option is not specified.
	46
	47	=item B<-out filename>
	48
	49	This specifies the output filename parameters to. Standard output is used
	50	if this option is not present. The output filename should B<not> be the same
	51	as the input filename.
	52
09483c58 DSH	53	=item B<-2>, B<-5>
	54
	55	The generator to use, either 2 or 5. 2 is the default. If present then the
	56	input file is ignored and parameters are generated instead.
	57
	58	=item B<-rand file(s)>
	59
	60	a file or files containing random data used to seed the random number
a4cfd178 UM	61	generator, or an EGD socket (see L<RAND_egd(3)\|RAND_egd(3)>).
	62	Multiple files can be specified separated by a OS-dependent character.
	63	The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for
	64	all others.
09483c58 DSH	65
	66	=item B<numbits>
	67
	68	this option specifies that a parameter set should be generated of size
	69	B<numbits>. It must be the last option. If not present then a value of 512
	70	is used. If this option is present then the input file is ignored and
	71	parameters are generated instead.
	72
ef7eaa4c DSH	73	=item B<-noout>
	74
	75	this option inhibits the output of the encoded version of the parameters.
	76
	77	=item B<-text>
	78
	79	this option prints out the DH parameters in human readable form.
	80
	81	=item B<-C>
	82
	83	this option converts the parameters into C code. The parameters can then
	84	be loaded by calling the B<get_dhXXX()> function.
	85
	86	=back
	87
09483c58 DSH	88	=head1 WARNINGS
	89
	90	The program B<dhparam> combines the functionality of the programs B<dh> and
	91	B<gendh> in previous versions of OpenSSL and SSLeay. The B<dh> and B<gendh>
	92	programs are retained for now but may have different purposes in future
	93	versions of OpenSSL.
	94
ef7eaa4c DSH	95	=head1 NOTES
	96
	97	PEM format DH parameters use the header and footer lines:
	98
	99	-----BEGIN DH PARAMETERS-----
	100	-----END DH PARAMETERS-----
	101
	102	OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42
	103	DH.
	104
	105	This program manipulates DH parameters not keys.
	106
	107	=head1 BUGS
	108
ef7eaa4c DSH	109	There should be a way to generate and manipulate DH keys.
	110
	111	=head1 SEE ALSO
	112
bb075f88	113	L<dsaparam(1)\|dsaparam(1)>
ef7eaa4c DSH	114
ef7eaa4c DSH	115	=cut