Document RFC5114 "generation" options.

(backport from HEAD)
This commit is contained in:
Dr. Stephen Henson 2012-04-07 20:42:17 +00:00
parent 491734eb21
commit cdb41713a4

View file

@ -128,6 +128,15 @@ The number of bits in the prime parameter B<p>.
The value to use for the generator B<g>.
=item B<dh_rfc5114:num>
If this option is set then the appropriate RFC5114 parameters are used
instead of generating new parameters. The value B<num> can take the
values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
2.1, 2.2 and 2.3 respectively.
=back
=head1 EC PARAMETER GENERATION OPTIONS
@ -206,6 +215,10 @@ Generate 1024 bit DH parameters:
openssl genpkey -genparam -algorithm DH -out dhp.pem \
-pkeyopt dh_paramgen_prime_len:1024
Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2
Generate DH key from parameters:
openssl genpkey -paramfile dhp.pem -out dhkey.pem