1OPENSSL-DHPARAM(1ossl)              OpenSSL             OPENSSL-DHPARAM(1ossl)
2
3
4

NAME

6       openssl-dhparam - DH parameter manipulation and generation
7

SYNOPSIS

9       openssl dhparam [-help] [-inform DER|PEM] [-outform DER|PEM] [-in
10       filename] [-out filename] [-dsaparam] [-check] [-noout] [-text] [-2]
11       [-3] [-5] [-engine id] [-rand files] [-writerand file] [-provider name]
12       [-provider-path path] [-propquery propq] [numbits]
13

DESCRIPTION

15       This command is used to manipulate DH parameter files.
16
17       See "EXAMPLES" in openssl-genpkey(1) for examples on how to generate a
18       key using a named safe prime group without generating intermediate
19       parameters.
20

OPTIONS

22       -help
23           Print out a usage message.
24
25       -inform DER|PEM, -outform DER|PEM
26           The input format and output format; the default is PEM.  The object
27           is compatible with the PKCS#3 DHparameter structure.  See
28           openssl-format-options(1) for details.
29
30       -in filename
31           This specifies the input filename to read parameters from or
32           standard input if this option is not specified.
33
34       -out filename
35           This specifies the output filename parameters to. Standard output
36           is used if this option is not present. The output filename should
37           not be the same as the input filename.
38
39       -dsaparam
40           If this option is used, DSA rather than DH parameters are read or
41           created; they are converted to DH format.  Otherwise, "strong"
42           primes (such that (p-1)/2 is also prime) will be used for DH
43           parameter generation.
44
45           DH parameter generation with the -dsaparam option is much faster,
46           and the recommended exponent length is shorter, which makes DH key
47           exchange more efficient.  Beware that with such DSA-style DH
48           parameters, a fresh DH key should be created for each use to avoid
49           small-subgroup attacks that may be possible otherwise.
50
51       -check
52           Performs numerous checks to see if the supplied parameters are
53           valid and displays a warning if not.
54
55       -2, -3, -5
56           The generator to use, either 2, 3 or 5. If present then the input
57           file is ignored and parameters are generated instead. If not
58           present but numbits is present, parameters are generated with the
59           default generator 2.
60
61       numbits
62           This option specifies that a parameter set should be generated of
63           size numbits. It must be the last option. If this option is present
64           then the input file is ignored and parameters are generated
65           instead. If this option is not present but a generator (-2, -3 or
66           -5) is present, parameters are generated with a default length of
67           2048 bits.  The minimim length is 512 bits. The maximum length is
68           10000 bits.
69
70       -noout
71           This option inhibits the output of the encoded version of the
72           parameters.
73
74       -text
75           This option prints out the DH parameters in human readable form.
76
77       -engine id
78           See "Engine Options" in openssl(1).  This option is deprecated.
79
80       -rand files, -writerand file
81           See "Random State Options" in openssl(1) for details.
82
83       -provider name
84       -provider-path path
85       -propquery propq
86           See "Provider Options" in openssl(1), provider(7), and property(7).
87

NOTES

89       This command replaces the dh and gendh commands of previous releases.
90

SEE ALSO

92       openssl(1), openssl-pkeyparam(1), openssl-dsaparam(1),
93       openssl-genpkey(1).
94

HISTORY

96       The -engine option was deprecated in OpenSSL 3.0.
97
98       The -C option was removed in OpenSSL 3.0.
99
101       Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
102
103       Licensed under the Apache License 2.0 (the "License").  You may not use
104       this file except in compliance with the License.  You can obtain a copy
105       in the file LICENSE in the source distribution or at
106       <https://www.openssl.org/source/license.html>.
107
108
109
1103.0.9                             2023-07-27            OPENSSL-DHPARAM(1ossl)
Impressum