projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
afb14cd
)
Document RFC5114 "generation" options.
author
Dr. Stephen Henson
<steve@openssl.org>
Wed, 7 Dec 2011 00:42:22 +0000
(
00:42
+0000)
committer
Dr. Stephen Henson
<steve@openssl.org>
Wed, 7 Dec 2011 00:42:22 +0000
(
00:42
+0000)
doc/apps/genpkey.pod
patch
|
blob
|
history
diff --git
a/doc/apps/genpkey.pod
b/doc/apps/genpkey.pod
index 1611b5ca78be18bfcae34e73a01a0b4664d85514..84f9edb2d7315dace24959ebe83bd30f3cc198b8 100644
(file)
--- a/
doc/apps/genpkey.pod
+++ b/
doc/apps/genpkey.pod
@@
-126,6
+126,15
@@
The number of bits in the prime parameter B<p>.
The value to use for the generator B<g>.
The value to use for the generator B<g>.
+=item B<dh_rfc5114:num>
+
+If this option is set then the appropriate RFC5114 parameters are used
+instead of generating new parameters. The value B<num> can take the
+values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
+1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
+and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
+2.1, 2.2 and 2.3 respectively.
+
=back
=head1 EC PARAMETER GENERATION OPTIONS
=back
=head1 EC PARAMETER GENERATION OPTIONS
@@
-204,6
+213,10
@@
Generate 1024 bit DH parameters:
openssl genpkey -genparam -algorithm DH -out dhp.pem \
-pkeyopt dh_paramgen_prime_len:1024
openssl genpkey -genparam -algorithm DH -out dhp.pem \
-pkeyopt dh_paramgen_prime_len:1024
+Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
+
+ openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2
+
Generate DH key from parameters:
openssl genpkey -paramfile dhp.pem -out dhkey.pem
Generate DH key from parameters:
openssl genpkey -paramfile dhp.pem -out dhkey.pem