From: Dr. Stephen Henson Date: Sat, 7 Apr 2012 20:42:17 +0000 (+0000) Subject: Document RFC5114 "generation" options. X-Git-Tag: OpenSSL_1_0_2-beta1~675 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cdb41713a45a64eb6dae85900aeab1178c1c2106;p=oweals%2Fopenssl.git Document RFC5114 "generation" options. (backport from HEAD) --- diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod index c74d097fb3..929edcd26f 100644 --- a/doc/apps/genpkey.pod +++ b/doc/apps/genpkey.pod @@ -128,6 +128,15 @@ The number of bits in the prime parameter B

. The value to use for the generator B. +=item B + +If this option is set then the appropriate RFC5114 parameters are used +instead of generating new parameters. The value B can take the +values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of +1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup +and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections +2.1, 2.2 and 2.3 respectively. + =back =head1 EC PARAMETER GENERATION OPTIONS @@ -206,6 +215,10 @@ Generate 1024 bit DH parameters: openssl genpkey -genparam -algorithm DH -out dhp.pem \ -pkeyopt dh_paramgen_prime_len:1024 +Output RFC5114 2048 bit DH parameters with 224 bit subgroup: + + openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2 + Generate DH key from parameters: openssl genpkey -paramfile dhp.pem -out dhkey.pem
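Review bot: In the first hunk (doc/apps/genpkey.pod, @@ -128), the new item says the RFC5114 parameters are used "instead of generating new parameters" but does not say how it interacts with the prime length and generator options documented immediately above it. Suggest stating which setting takes effect when both are supplied, and what happens for a value other than 1, 2 or 3. Since value 1 selects a 1024 bit group while 2 and 3 select 2048 bit groups, a sentence telling the reader that the three choices differ in group size, not only in subgroup size, would help them choose deliberately.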
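Review bot: In the second hunk (EXAMPLES, @@ -206), the added command is a single long line, whereas the 1024 bit example just above it breaks before -pkeyopt with a backslash continuation; suggest wrapping it the same way for consistency. It also writes to dhp.pem, the same file as the preceding example and the input of the following "Generate DH key from parameters" example, so a reader running the examples in order overwrites the generated parameters and cannot tell which set the key example uses. A distinct output name for the RFC5114 parameters would remove that ambiguity.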