]>
Commit | Line | Data |
---|---|---|
ef7eaa4c DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
09483c58 | 5 | dhparam - DH parameter manipulation and generation |
ef7eaa4c DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl dh> | |
10 | [B<-inform DER|PEM>] | |
11 | [B<-outform DER|PEM>] | |
12 | [B<-in filename>] | |
13 | [B<-out filename>] | |
14 | [B<-noout>] | |
15 | [B<-text>] | |
16 | [B<-C>] | |
09483c58 DSH |
17 | [B<-2>] |
18 | [B<-5>] | |
19 | [B<-rand file(s)>] | |
20 | [numbits] | |
ef7eaa4c DSH |
21 | |
22 | =head1 DESCRIPTION | |
23 | ||
24 | This command is used to manipulate DH parameter files. | |
25 | ||
26 | =head1 OPTIONS | |
27 | ||
28 | =over 4 | |
29 | ||
30 | =item B<-inform DER|PEM> | |
31 | ||
32 | This specifies the input format. The B<DER> option uses an ASN1 DER encoded | |
33 | form compatible with the PKCS#3 DHparameter structure. The PEM form is the | |
34 | default format: it consists of the B<DER> format base64 encoded with | |
35 | additional header and footer lines. | |
36 | ||
37 | =item B<-outform DER|PEM> | |
38 | ||
39 | This specifies the output format, the options have the same meaning as the | |
40 | B<-inform> option. | |
41 | ||
42 | =item B<-in filename> | |
43 | ||
44 | This specifies the input filename to read parameters from or standard input if | |
45 | this option is not specified. | |
46 | ||
47 | =item B<-out filename> | |
48 | ||
49 | This specifies the output filename parameters to. Standard output is used | |
50 | if this option is not present. The output filename should B<not> be the same | |
51 | as the input filename. | |
52 | ||
09483c58 DSH |
53 | =item B<-2>, B<-5> |
54 | ||
55 | The generator to use, either 2 or 5. 2 is the default. If present then the | |
56 | input file is ignored and parameters are generated instead. | |
57 | ||
58 | =item B<-rand file(s)> | |
59 | ||
60 | a file or files containing random data used to seed the random number | |
a4cfd178 UM |
61 | generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). |
62 | Multiple files can be specified separated by a OS-dependent character. | |
63 | The separator is B<;> for MS-Windows, B<,> for OpenVSM, and B<:> for | |
64 | all others. | |
09483c58 DSH |
65 | |
66 | =item B<numbits> | |
67 | ||
68 | this option specifies that a parameter set should be generated of size | |
69 | B<numbits>. It must be the last option. If not present then a value of 512 | |
70 | is used. If this option is present then the input file is ignored and | |
71 | parameters are generated instead. | |
72 | ||
ef7eaa4c DSH |
73 | =item B<-noout> |
74 | ||
75 | this option inhibits the output of the encoded version of the parameters. | |
76 | ||
77 | =item B<-text> | |
78 | ||
79 | this option prints out the DH parameters in human readable form. | |
80 | ||
81 | =item B<-C> | |
82 | ||
83 | this option converts the parameters into C code. The parameters can then | |
84 | be loaded by calling the B<get_dhXXX()> function. | |
85 | ||
86 | =back | |
87 | ||
09483c58 DSH |
88 | =head1 WARNINGS |
89 | ||
90 | The program B<dhparam> combines the functionality of the programs B<dh> and | |
91 | B<gendh> in previous versions of OpenSSL and SSLeay. The B<dh> and B<gendh> | |
92 | programs are retained for now but may have different purposes in future | |
93 | versions of OpenSSL. | |
94 | ||
ef7eaa4c DSH |
95 | =head1 NOTES |
96 | ||
97 | PEM format DH parameters use the header and footer lines: | |
98 | ||
99 | -----BEGIN DH PARAMETERS----- | |
100 | -----END DH PARAMETERS----- | |
101 | ||
102 | OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 | |
103 | DH. | |
104 | ||
105 | This program manipulates DH parameters not keys. | |
106 | ||
107 | =head1 BUGS | |
108 | ||
ef7eaa4c DSH |
109 | There should be a way to generate and manipulate DH keys. |
110 | ||
111 | =head1 SEE ALSO | |
112 | ||
bb075f88 | 113 | L<dsaparam(1)|dsaparam(1)> |
ef7eaa4c DSH |
114 | |
115 | =cut |