X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=doc%2Fapps%2Fdhparam.pod;h=6e27cf5c1516a008784b7a45d9e657d2f4367130;hb=623acb90cc7fdd5bd51a850ee6acc45b661daa83;hp=59d1f68300ccd817120735866e00fe02b737784f;hpb=09483c58e3b21841d2761ce90b1f12b24f814881;p=oweals%2Fopenssl.git diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod index 59d1f68300..6e27cf5c15 100644 --- a/doc/apps/dhparam.pod +++ b/doc/apps/dhparam.pod @@ -6,18 +6,21 @@ dhparam - DH parameter manipulation and generation =head1 SYNOPSIS -B +B [B<-inform DER|PEM>] [B<-outform DER|PEM>] -[B<-in filename>] -[B<-out filename>] +[B<-in> I] +[B<-out> I] +[B<-dsaparam>] +[B<-check>] [B<-noout>] [B<-text>] [B<-C>] [B<-2>] [B<-5>] -[B<-rand file(s)>] -[numbits] +[B<-rand> I] +[B<-engine id>] +[I] =head1 DESCRIPTION 
@@ -39,33 +42,50 @@ additional header and footer lines. This specifies the output format, the options have the same meaning as the B<-inform> option. -=item B<-in filename> +=item B<-in> I This specifies the input filename to read parameters from or standard input if this option is not specified. -=item B<-out filename> +=item B<-out> I This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should B be the same as the input filename. +=item B<-dsaparam> + +If this option is used, DSA rather than DH parameters are read or created; +they are converted to DH format. Otherwise, "strong" primes (such +that (p-1)/2 is also prime) will be used for DH parameter generation. + +DH parameter generation with the B<-dsaparam> option is much faster, +and the recommended exponent length is shorter, which makes DH key +exchange more efficient. Beware that with such DSA-style DH +parameters, a fresh DH key should be created for each use to +avoid small-subgroup attacks that may be possible otherwise. + +=item B<-check> + +check if the parameters are valid primes and generator. + =item B<-2>, B<-5> The generator to use, either 2 or 5. 2 is the default. If present then the input file is ignored and parameters are generated instead. -=item B<-rand file(s)> +=item B<-rand> I a file or files containing random data used to seed the random number -generator. Multiple files can be specified separated by a OS-dependent -character. For MS-Windows, the separator is B<;>. For OpenVMS, it's -B<,>. For all others, it's B<:>. +generator, or an EGD socket (see L). +Multiple files can be specified separated by a OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for +all others. -=item B +=item I this option specifies that a parameter set should be generated of size -B. It must be the last option. If not present then a value of 512 +I. It must be the last option. 
If not present then a value of 512 is used. If this option is present then the input file is ignored and parameters are generated instead. @@ -80,7 +100,14 @@ this option prints out the DH parameters in human readable form. =item B<-C> this option converts the parameters into C code. The parameters can then -be loaded by calling the B function. +be loaded by calling the BIB<()> function. + +=item B<-engine id> + +specifying an engine (by its unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. =back @@ -109,6 +136,11 @@ There should be a way to generate and manipulate DH keys. =head1 SEE ALSO -dsaparam(1) +L + +=head1 HISTORY + +The B command was added in OpenSSL 0.9.5. +The B<-dsaparam> option was added in OpenSSL 0.9.6. =cut
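Review bot: In the SYNOPSIS hunk, the new `[B<-engine id>]` line keeps the argument inside the bold markup, while the other lines changed in the same hunk (`[B<-in> I]`, `[B<-out> I]`, `[B<-rand> I]`) move the argument out of B<> into a separate italic element. Suggest marking up the engine argument the same way, here and in the matching =item in the later hunk, so option names and their placeholders render consistently.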
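Review bot: In the OPTIONS hunk, the new -dsaparam item warns that "a fresh DH key should be created for each use to avoid small-subgroup attacks" but does not say how an application does that. Suggest naming the mechanism (for SSL/TLS servers, the SSL_OP_SINGLE_DH_USE option) or linking to the page that documents it, so the warning is actionable for someone who picks -dsaparam for speed. In the same hunk, the -check item ("check if the parameters are valid primes and generator.") should state what is reported when the check fails and whether the exit status changes; the numbits item still documents a default of 512 without advising the reader to pass a larger size explicitly; and the unchanged -out text "This specifies the output filename parameters to." is missing a verb such as "write".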
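Review bot: In the hunk that adds the -engine item, "attempt to obtain a functional reference to the specified engine" leaves the failure case undocumented. Suggest stating what the command does when the engine cannot be loaded or initialised (stop with an error, or continue with the built-in implementation), because the item goes on to say the engine is set as the default for all available algorithms and a reader needs to know which implementation actually generated the parameters.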
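Review bot: In the final hunk, the new HISTORY section gives a version for the command and for -dsaparam but not for -check or -engine, which this patch also documents for the first time. If either option was introduced after OpenSSL 0.9.5, add a line for it so readers on older releases know which options they can rely on.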