aboutsummaryrefslogtreecommitdiff
path: root/openssl/doc/apps/genpkey.pod
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/doc/apps/genpkey.pod')
-rw-r--r--openssl/doc/apps/genpkey.pod13
1 files changed, 13 insertions, 0 deletions
diff --git a/openssl/doc/apps/genpkey.pod b/openssl/doc/apps/genpkey.pod
index c74d097fb..929edcd26 100644
--- a/openssl/doc/apps/genpkey.pod
+++ b/openssl/doc/apps/genpkey.pod
@@ -128,6 +128,15 @@ The number of bits in the prime parameter B<p>.
The value to use for the generator B<g>.
+=item B<dh_rfc5114:num>
+
+If this option is set then the appropriate RFC5114 parameters are used
+instead of generating new parameters. The value B<num> can take the
+values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
+1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
+and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
+2.1, 2.2 and 2.3 respectively.
+
=back
=head1 EC PARAMETER GENERATION OPTIONS
@@ -206,6 +215,10 @@ Generate 1024 bit DH parameters:
openssl genpkey -genparam -algorithm DH -out dhp.pem \
-pkeyopt dh_paramgen_prime_len:1024
+Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
+
+ openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2
+
Generate DH key from parameters:
openssl genpkey -paramfile dhp.pem -out dhkey.pem
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-23 02:47:01 +0000