=pod

=head1 NAME

gendh - DH parameter generation

=head1 SYNOPSIS

B<openssl gendh>
[B<-out filename>]
[B<-2>]
[B<-5>]
[B<-rand file(s)>]
[numbits]

=head1 DESCRIPTION

This command is used to generate DH parameter files.

=head1 OPTIONS

=over 4

=item B<-out filename>

This specifies the output filename parameters to. Standard output is used
if this option is not present. The output format is a base64 encoded form of
a PKCS#5 DHParameter structure. 

=item B<-2>, B<-5>

The generator to use, either 2 or 5. 2 is the default.

=item B<-rand file(s)>

a file or files containing random data used to seed the random number
generator. Multiple files can be specified separated by a OS-dependent
character.  For MS-Windows, the separator is B<;>.  For OpenVMS, it's
B<,>.  For all others, it's B<:>.

=item B<numbits>

this option specifies that a parameter set should be generated of size
B<numbits>. It must be the last option. If not present then a value of 512
is used.

=back

=head1 NOTES

PEM format DH parameters use the header and footer lines:

 -----BEGIN DH PARAMETERS-----
 -----END DH PARAMETERS-----

DH parameter generation is a slow process and as a result the same set of
DH parameters is often reused.

OpenSSL currently uses PKCS#3 DH not the more recent X9.42 DH.

This program creates DH parameters only, not DH keys.

=head1 BUGS

The program is badly named. The programs B<gendsa> and B<genrsa> generate
actual keys and not parameters.

There should be a way to generate and manipulate DH keys.

=head1 SEE ALSO

dsaparam(1)

=cut