| =pod |
| |
| =head1 NAME |
| |
| gendh - DH parameter generation |
| |
| =head1 SYNOPSIS |
| |
| B<openssl gendh> |
| [B<-out filename>] |
| [B<-2>] |
| [B<-5>] |
| [B<-rand file(s)>] |
| [numbits] |
| |
| =head1 DESCRIPTION |
| |
| This command is used to generate DH parameter files. |
| |
| =head1 OPTIONS |
| |
| =over 4 |
| |
| =item B<-out filename> |
| |
| This specifies the output filename parameters to. Standard output is used |
| if this option is not present. The output format is a base64 encoded form of |
| a PKCS#5 DHParameter structure. |
| |
| =item B<-2>, B<-5> |
| |
| The generator to use, either 2 or 5. 2 is the default. |
| |
| =item B<-rand file(s)> |
| |
| a file or files containing random data used to seed the random number |
| generator. Multiple files can be specified separated by a OS-dependent |
| character. For MS-Windows, the separator is B<;>. For OpenVMS, it's |
| B<,>. For all others, it's B<:>. |
| |
| =item B<numbits> |
| |
| this option specifies that a parameter set should be generated of size |
| B<numbits>. It must be the last option. If not present then a value of 512 |
| is used. |
| |
| =back |
| |
| =head1 NOTES |
| |
| PEM format DH parameters use the header and footer lines: |
| |
| -----BEGIN DH PARAMETERS----- |
| -----END DH PARAMETERS----- |
| |
| DH parameter generation is a slow process and as a result the same set of |
| DH parameters is often reused. |
| |
| OpenSSL currently uses PKCS#3 DH not the more recent X9.42 DH. |
| |
| This program creates DH parameters only, not DH keys. |
| |
| =head1 BUGS |
| |
| The program is badly named. The programs B<gendsa> and B<genrsa> generate |
| actual keys and not parameters. |
| |
| There should be a way to generate and manipulate DH keys. |
| |
| =head1 SEE ALSO |
| |
| dsaparam(1) |
| |
| =cut |
