DHPARAM(1)                          OpenSSL                         DHPARAM(1)

NAME

       openssl-dhparam, dhparam - DH parameter manipulation and generation

SYNOPSIS

       openssl dhparam [-help] [-inform DER|PEM] [-outform DER|PEM] [-in
       filename] [-out filename] [-dsaparam] [-check] [-noout] [-text] [-C]
       [-2] [-5] [-rand file...]  [-writerand file] [-engine id] [numbits]

DESCRIPTION

       This command is used to manipulate DH parameter files.

OPTIONS

       -help
           Print out a usage message.

       -inform DER|PEM
           This specifies the input format. The DER option uses an ASN1 DER
           encoded form compatible with the PKCS#3 DHparameter structure. The
           PEM form is the default format: it consists of the DER format
           base64 encoded with additional header and footer lines.

       -outform DER|PEM
           This specifies the output format; the options have the same meaning
           and default as the -inform option.

       -in filename
           This specifies the input filename to read parameters from or
           standard input if this option is not specified.

       -out filename
           This specifies the output filename to write parameters to. Standard
           output is used if this option is not present. The output filename
           should not be the same as the input filename.

       -dsaparam
           If this option is used, DSA rather than DH parameters are read or
           created; they are converted to DH format.  Otherwise, "strong"
           primes (such that (p-1)/2 is also prime) will be used for DH
           parameter generation.

           DH parameter generation with the -dsaparam option is much faster,
           and the recommended exponent length is shorter, which makes DH key
           exchange more efficient.  Beware that with such DSA-style DH
           parameters, a fresh DH key should be created for each use to avoid
           small-subgroup attacks that may be possible otherwise.

       -check
           Performs numerous checks to see if the supplied parameters are
           valid and displays a warning if not.

       -2, -5
           The generator to use, either 2 or 5. If present then the input file
           is ignored and parameters are generated instead. If not present but
           numbits is present, parameters are generated with the default
           generator 2.

       -rand file...
           A file or files containing random data used to seed the random
           number generator.  Multiple files can be specified separated by an
           OS-dependent character.  The separator is ; for MS-Windows, , for
           OpenVMS, and : for all others.

       -writerand file
           Writes random data to the specified file upon exit.  This can be
           used with a subsequent -rand flag.

       numbits
           This option specifies that a parameter set should be generated of
           size numbits. It must be the last option. If this option is present
           then the input file is ignored and parameters are generated
           instead. If this option is not present but a generator (-2 or -5)
           is present, parameters are generated with a default length of 2048
           bits.

       -noout
           This option inhibits the output of the encoded version of the
           parameters.

       -text
           This option prints out the DH parameters in human readable form.

       -C  This option converts the parameters into C code. The parameters can
           then be loaded by calling the get_dhNNNN() function.

       -engine id
           Specifying an engine (by its unique id string) will cause dhparam
           to attempt to obtain a functional reference to the specified
           engine, thus initialising it if needed. The engine will then be set
           as the default for all available algorithms.

WARNINGS

       The program dhparam combines the functionality of the programs dh and
       gendh in previous versions of OpenSSL. The dh and gendh programs are
       retained for now but may have different purposes in future versions of
       OpenSSL.

NOTES

       PEM format DH parameters use the header and footer lines:

        -----BEGIN DH PARAMETERS-----
        -----END DH PARAMETERS-----

       OpenSSL currently only supports the older PKCS#3 DH, not the newer
       X9.42 DH.

       This program manipulates DH parameters not keys.
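
       The Python code below is an added example, not part of the OpenSSL
       manual page or code base. It reads a PEM "DH PARAMETERS" block as
       described under -inform and in these notes, extracts p and g from the
       PKCS#3 structure, and tests whether p is a "strong" prime in the sense
       of the -dsaparam description. The function names and the two toy-sized
       PEM inputs are constructed for the example; it is not a
       reimplementation of -check.

```python
import base64
import random

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_dh_params(pem):
    """Return (p, g) from PEM-wrapped PKCS#3 DHParameter ::= SEQUENCE {p, g}."""
    if "-----BEGIN DH PARAMETERS-----" not in pem:
        raise ValueError("no DH PARAMETERS block")
    b64 = "".join(ln for ln in pem.splitlines() if not ln.startswith("-----"))
    tag, seq, _ = read_tlv(base64.b64decode(b64), 0)
    ptag, p, pos = read_tlv(seq, 0)
    gtag, g, _ = read_tlv(seq, pos)
    if (tag, ptag, gtag) != (0x30, 0x02, 0x02):
        raise ValueError("not a PKCS#3 DHParameter SEQUENCE")
    return tuple(int.from_bytes(v, "big", signed=True) for v in (p, g))

def is_probable_prime(n, rounds=32):
    """Miller-Rabin: a False result is certain, True is probabilistic."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:  # write n - 1 as d * 2**s with d odd
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        chain = [pow(x, 2 ** r, n) for r in range(s)]  # x, x^2, x^4, ...
        if x != 1 and n - 1 not in chain:
            return False  # this base proves n composite
    return True

def audit(pem):
    """Size and primality report for one DH parameter file."""
    p, g = parse_dh_params(pem)
    prime = is_probable_prime(p)
    return {"bits": p.bit_length(), "generator": g, "prime": prime,
            "safe_prime": prime and is_probable_prime((p - 1) // 2)}

# Constructed 10-bit toy inputs: p=1019 is a safe prime, p=1009 is prime only.
SAFE = "-----BEGIN DH PARAMETERS-----\nMAcCAgP7AgEC\n-----END DH PARAMETERS-----"
DSA_STYLE = "-----BEGIN DH PARAMETERS-----\nMAcCAgPxAgEC\n-----END DH PARAMETERS-----"
```

       A report with "prime" true and "safe_prime" false is what DSA-style
       parameters look like, which is the case the -dsaparam text says calls
       for a fresh DH key per use.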

BUGS

       There should be a way to generate and manipulate DH keys.

SEE ALSO

       dsaparam(1)

COPYRIGHT

       Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the OpenSSL license (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.

1.1.1c                            2019-05-28                        DHPARAM(1)