openssl-prebuild/linux_amd64/share/doc/openssl/html/man1/openssl-dhparam.html
2020-03-02 16:50:34 +00:00

200 lines
6.8 KiB
HTML
Executable File

<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>openssl-dhparam</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>
<body style="background-color: white">
<!-- INDEX BEGIN -->
<div name="index">
<p><a name="__index__"></a></p>
<ul>
<li><a href="#name">NAME</a></li>
<li><a href="#synopsis">SYNOPSIS</a></li>
<li><a href="#description">DESCRIPTION</a></li>
<li><a href="#options">OPTIONS</a></li>
<li><a href="#notes">NOTES</a></li>
<li><a href="#bugs">BUGS</a></li>
<li><a href="#see_also">SEE ALSO</a></li>
<li><a href="#history">HISTORY</a></li>
<li><a href="#copyright">COPYRIGHT</a></li>
</ul>
<hr name="index" />
</div>
<!-- INDEX END -->
<p>
</p>
<hr />
<h1><a name="name">NAME</a></h1>
<p>openssl-dhparam - DH parameter manipulation and generation</p>
<p>
</p>
<hr />
<h1><a name="synopsis">SYNOPSIS</a></h1>
<p><strong>openssl dhparam</strong>
[<strong>-help</strong>]
[<strong>-inform</strong> <strong>DER</strong>|<strong>PEM</strong>]
[<strong>-outform</strong> <strong>DER</strong>|<strong>PEM</strong>]
[<strong>-in</strong> <em>filename</em>]
[<strong>-out</strong> <em>filename</em>]
[<strong>-dsaparam</strong>]
[<strong>-check</strong>]
[<strong>-noout</strong>]
[<strong>-text</strong>]
[<strong>-C</strong>]
[<strong>-2</strong>]
[<strong>-3</strong>]
[<strong>-5</strong>]
[<strong>-engine</strong> <em>id</em>]
[<strong>-rand</strong> <em>files</em>]
[<strong>-writerand</strong> <em>file</em>]
[<em>numbits</em>]</p>
<p>
</p>
<hr />
<h1><a name="description">DESCRIPTION</a></h1>
<p>This command has been deprecated.
The <em>openssl-pkeyparam(1)</em> command should be used instead.</p>
<p>This command is used to manipulate DH parameter files.</p>
<p>
</p>
<hr />
<h1><a name="options">OPTIONS</a></h1>
<dl>
<dt><strong><a name="help" class="item"><strong>-help</strong></a></strong></dt>
<dd>
<p>Print out a usage message.</p>
</dd>
<dt><strong><a name="inform_der_pem_outform_der_pem" class="item"><strong>-inform</strong> <strong>DER</strong>|<strong>PEM</strong>, <strong>-outform</strong> <strong>DER</strong>|<strong>PEM</strong></a></strong></dt>
<dd>
<p>The input format and output format; the default is <strong>PEM</strong>.
The object is compatible with the PKCS#3 <strong>DHparameter</strong> structure.
See <em>openssl(1)/Format Options</em> for details.</p>
</dd>
<dt><strong><a name="in_filename" class="item"><strong>-in</strong> <em>filename</em></a></strong></dt>
<dd>
<p>This specifies the input filename to read parameters from or standard input if
this option is not specified.</p>
</dd>
<dt><strong><a name="out_filename" class="item"><strong>-out</strong> <em>filename</em></a></strong></dt>
<dd>
<p>This specifies the output filename parameters to. Standard output is used
if this option is not present. The output filename should <strong>not</strong> be the same
as the input filename.</p>
</dd>
<dt><strong><a name="dsaparam" class="item"><strong>-dsaparam</strong></a></strong></dt>
<dd>
<p>If this option is used, DSA rather than DH parameters are read or created;
they are converted to DH format. Otherwise, &quot;strong&quot; primes (such
that (p-1)/2 is also prime) will be used for DH parameter generation.</p>
<p>DH parameter generation with the <strong>-dsaparam</strong> option is much faster,
and the recommended exponent length is shorter, which makes DH key
exchange more efficient. Beware that with such DSA-style DH
parameters, a fresh DH key should be created for each use to
avoid small-subgroup attacks that may be possible otherwise.</p>
</dd>
<dt><strong><a name="check" class="item"><strong>-check</strong></a></strong></dt>
<dd>
<p>Performs numerous checks to see if the supplied parameters are valid and
displays a warning if not.</p>
</dd>
<dt><strong><a name="2_3_5" class="item"><strong>-2</strong>, <strong>-3</strong>, <strong>-5</strong></a></strong></dt>
<dd>
<p>The generator to use, either 2, 3 or 5. If present then the
input file is ignored and parameters are generated instead. If not
present but <em>numbits</em> is present, parameters are generated with the
default generator 2.</p>
</dd>
<dt><strong><a name="numbits" class="item"><em>numbits</em></a></strong></dt>
<dd>
<p>This option specifies that a parameter set should be generated of size
<em>numbits</em>. It must be the last option. If this option is present then
the input file is ignored and parameters are generated instead. If
this option is not present but a generator (<strong>-2</strong>, <strong>-3</strong> or <strong>-5</strong>) is
present, parameters are generated with a default length of 2048 bits.
The minimim length is 512 bits. The maximum length is 10000 bits.</p>
</dd>
<dt><strong><a name="noout" class="item"><strong>-noout</strong></a></strong></dt>
<dd>
<p>This option inhibits the output of the encoded version of the parameters.</p>
</dd>
<dt><strong><a name="text" class="item"><strong>-text</strong></a></strong></dt>
<dd>
<p>This option prints out the DH parameters in human readable form.</p>
</dd>
<dt><strong><a name="c" class="item"><strong>-C</strong></a></strong></dt>
<dd>
<p>This option converts the parameters into C code. The parameters can then
be loaded by calling the <code>get_dhNNNN()</code> function.</p>
</dd>
<dt><strong><a name="engine_id" class="item"><strong>-engine</strong> <em>id</em></a></strong></dt>
<dd>
<p>See <em>openssl(1)/Engine Options</em>.</p>
</dd>
<dt><strong><a name="rand_files_writerand_file" class="item"><strong>-rand</strong> <em>files</em>, <strong>-writerand</strong> <em>file</em></a></strong></dt>
<dd>
<p>See <em>openssl(1)/Random State Options</em> for details.</p>
</dd>
</dl>
<p>
</p>
<hr />
<h1><a name="notes">NOTES</a></h1>
<p>This command replaces the <strong>dh</strong> and <strong>gendh</strong> commands of previous
releases.</p>
<p>OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42
DH.</p>
<p>This command manipulates DH parameters not keys.</p>
<p>
</p>
<hr />
<h1><a name="bugs">BUGS</a></h1>
<p>There should be a way to generate and manipulate DH keys.</p>
<p>
</p>
<hr />
<h1><a name="see_also">SEE ALSO</a></h1>
<p><em>openssl(1)</em>,
<em>openssl-pkeyparam(1)</em>,
<a href="#dsaparam">openssl-dsaparam(1)</a></p>
<p>
</p>
<hr />
<h1><a name="history">HISTORY</a></h1>
<p>This command was deprecated in OpenSSL 3.0.</p>
<p>
</p>
<hr />
<h1><a name="copyright">COPYRIGHT</a></h1>
<p>Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.</p>
<p>Licensed under the Apache License 2.0 (the &quot;License&quot;). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
</body>
</html>