suzanne.soy/man-pages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
gh-pages
man-pages/man1/dhparam.1ssl.html
Suzanne Soy 4c89183f2b Added man pages from my system
2021-03-31 01:06:50 +01:00

228 lines
6.5 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of DHPARAM</TITLE>
</HEAD><BODY>
<H1>DHPARAM</H1>
Section: OpenSSL (1SSL)<BR>Updated: 2021-03-22<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
openssl-dhparam, dhparam - DH parameter manipulation and generation
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>openssl dhparam</B>
[<B>-help</B>]
[<B>-inform DER|PEM</B>]
[<B>-outform DER|PEM</B>]
[<B>-in</B> <I>filename</I>]
[<B>-out</B> <I>filename</I>]
[<B>-dsaparam</B>]
[<B>-check</B>]
[<B>-noout</B>]
[<B>-text</B>]
[<B>-C</B>]
[<B>-2</B>]
[<B>-5</B>]
[<B>-rand file...</B>]
[<B>-writerand file</B>]
[<B>-engine id</B>]
[<I>numbits</I>]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
This command is used to manipulate <FONT SIZE="-1">DH</FONT> parameter files.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT id="1"><B>-help</B><DD>
Print out a usage message.
<DT id="2"><B>-inform DER|PEM</B><DD>
This specifies the input format. The <B></B><FONT SIZE="-1"><B>DER</B></FONT><B></B> option uses an <FONT SIZE="-1">ASN1 DER</FONT> encoded
form compatible with the PKCS#3 DHparameter structure. The <FONT SIZE="-1">PEM</FONT> form is the
default format: it consists of the <B></B><FONT SIZE="-1"><B>DER</B></FONT><B></B> format base64 encoded with
additional header and footer lines.
<DT id="3"><B>-outform DER|PEM</B><DD>
This specifies the output format, the options have the same meaning and default
as the <B>-inform</B> option.
<DT id="4"><B>-in</B> <I>filename</I><DD>
This specifies the input filename to read parameters from or standard input if
this option is not specified.
<DT id="5"><B>-out</B> <I>filename</I><DD>
This specifies the output filename parameters to. Standard output is used
if this option is not present. The output filename should <B>not</B> be the same
as the input filename.
<DT id="6"><B>-dsaparam</B><DD>
If this option is used, <FONT SIZE="-1">DSA</FONT> rather than <FONT SIZE="-1">DH</FONT> parameters are read or created;
they are converted to <FONT SIZE="-1">DH</FONT> format. Otherwise, ``strong'' primes (such
that (p-1)/2 is also prime) will be used for <FONT SIZE="-1">DH</FONT> parameter generation.
<P>
<FONT SIZE="-1">DH</FONT> parameter generation with the <B>-dsaparam</B> option is much faster,
and the recommended exponent length is shorter, which makes <FONT SIZE="-1">DH</FONT> key
exchange more efficient. Beware that with such DSA-style <FONT SIZE="-1">DH</FONT>
parameters, a fresh <FONT SIZE="-1">DH</FONT> key should be created for each use to
avoid small-subgroup attacks that may be possible otherwise.
<DT id="7"><B>-check</B><DD>
Performs numerous checks to see if the supplied parameters are valid and
displays a warning if not.
<DT id="8"><B>-2</B>, <B>-5</B><DD>
The generator to use, either 2 or 5. If present then the
input file is ignored and parameters are generated instead. If not
present but <B>numbits</B> is present, parameters are generated with the
default generator 2.
<DT id="9"><B>-rand file...</B><DD>
A file or files containing random data used to seed the random number
generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is <B>;</B> for MS-Windows, <B>,</B> for OpenVMS, and <B>:</B> for
all others.
<DT id="10">[<B>-writerand file</B>]<DD>
Writes random data to the specified <I>file</I> upon exit.
This can be used with a subsequent <B>-rand</B> flag.
<DT id="11"><I>numbits</I><DD>
This option specifies that a parameter set should be generated of size
<I>numbits</I>. It must be the last option. If this option is present then
the input file is ignored and parameters are generated instead. If
this option is not present but a generator (<B>-2</B> or <B>-5</B>) is
present, parameters are generated with a default length of 2048 bits.
<DT id="12"><B>-noout</B><DD>
This option inhibits the output of the encoded version of the parameters.
<DT id="13"><B>-text</B><DD>
This option prints out the <FONT SIZE="-1">DH</FONT> parameters in human readable form.
<DT id="14"><B>-C</B><DD>
This option converts the parameters into C code. The parameters can then
be loaded by calling the <B>get_dhNNNN()</B> function.
<DT id="15"><B>-engine id</B><DD>
Specifying an engine (by its unique <B>id</B> string) will cause <B>dhparam</B>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>WARNINGS</H2>
The program <B>dhparam</B> combines the functionality of the programs <B>dh</B> and
<B>gendh</B> in previous versions of OpenSSL. The <B>dh</B> and <B>gendh</B>
programs are retained for now but may have different purposes in future
versions of OpenSSL.
<A NAME="lbAG">&nbsp;</A>
<H2>NOTES</H2>
<FONT SIZE="-1">PEM</FONT> format <FONT SIZE="-1">DH</FONT> parameters use the header and footer lines:
<P>
<PRE>
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----
</PRE>
<P>
OpenSSL currently only supports the older PKCS#3 <FONT SIZE="-1">DH,</FONT> not the newer X9.42
<FONT SIZE="-1">DH.</FONT>
<P>
This program manipulates <FONT SIZE="-1">DH</FONT> parameters not keys.
<A NAME="lbAH">&nbsp;</A>
<H2>BUGS</H2>
There should be a way to generate and manipulate <FONT SIZE="-1">DH</FONT> keys.
<A NAME="lbAI">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?1+dsaparam">dsaparam</A></B>(1)
<A NAME="lbAJ">&nbsp;</A>
<H2>COPYRIGHT</H2>
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
<P>
Licensed under the OpenSSL license (the ``License''). You may not use
this file except in compliance with the License. You can obtain a copy
in the file <FONT SIZE="-1">LICENSE</FONT> in the source distribution or at
&lt;<A HREF="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</A>&gt;.
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="16"><A HREF="#lbAB">NAME</A><DD>
<DT id="17"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="18"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="19"><A HREF="#lbAE">OPTIONS</A><DD>
<DT id="20"><A HREF="#lbAF">WARNINGS</A><DD>
<DT id="21"><A HREF="#lbAG">NOTES</A><DD>
<DT id="22"><A HREF="#lbAH">BUGS</A><DD>
<DT id="23"><A HREF="#lbAI">SEE ALSO</A><DD>
<DT id="24"><A HREF="#lbAJ">COPYRIGHT</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:05:10 GMT, March 31, 2021
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink