Update build for OpenSSL-0.9.8j upgrade.
[dragonfly.git] / secure / usr.bin / openssl / man / dhparam.1
CommitLineData
e257b235 1.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
8b0cefbb
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
984263bc
MD
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
8b0cefbb 13.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
14.if t .sp .5v
15.if n .sp
16..
8b0cefbb 17.de Vb \" Begin verbatim text
984263bc
MD
18.ft CW
19.nf
20.ne \\$1
21..
8b0cefbb 22.de Ve \" End verbatim text
984263bc 23.ft R
984263bc
MD
24.fi
25..
8b0cefbb
JR
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
28.\" double quote, and \*(R" will give a right double quote. \*(C+ will
29.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
30.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
31.\" nothing in troff, for use with C<>.
32.tr \(*W-
8b0cefbb 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 34.ie n \{\
8b0cefbb
JR
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
984263bc
MD
43'br\}
44.el\{\
8b0cefbb
JR
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
984263bc 49'br\}
8b0cefbb 50.\"
e257b235
PA
51.\" Escape single quotes in literal strings from groff's Unicode transform.
52.ie \n(.g .ds Aq \(aq
53.el .ds Aq '
54.\"
8b0cefbb
JR
55.\" If the F register is turned on, we'll generate index entries on stderr for
56.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
57.\" entries marked with X<> in POD. Of course, you'll have to process the
58.\" output yourself in some meaningful fashion.
e257b235 59.ie \nF \{\
8b0cefbb
JR
60. de IX
61. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 62..
8b0cefbb
JR
63. nr % 0
64. rr F
984263bc 65.\}
e257b235
PA
66.el \{\
67. de IX
68..
69.\}
aac4ff6f 70.\"
8b0cefbb
JR
71.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
72.\" Fear. Run. Save yourself. No user-serviceable parts.
73. \" fudge factors for nroff and troff
984263bc 74.if n \{\
8b0cefbb
JR
75. ds #H 0
76. ds #V .8m
77. ds #F .3m
78. ds #[ \f1
79. ds #] \fP
984263bc
MD
80.\}
81.if t \{\
8b0cefbb
JR
82. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
83. ds #V .6m
84. ds #F 0
85. ds #[ \&
86. ds #] \&
984263bc 87.\}
8b0cefbb 88. \" simple accents for nroff and troff
984263bc 89.if n \{\
8b0cefbb
JR
90. ds ' \&
91. ds ` \&
92. ds ^ \&
93. ds , \&
94. ds ~ ~
95. ds /
984263bc
MD
96.\}
97.if t \{\
8b0cefbb
JR
98. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
99. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
100. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
101. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
102. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
103. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 104.\}
8b0cefbb 105. \" troff and (daisy-wheel) nroff accents
984263bc
MD
106.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
107.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
108.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
109.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
110.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
111.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
112.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
113.ds ae a\h'-(\w'a'u*4/10)'e
114.ds Ae A\h'-(\w'A'u*4/10)'E
8b0cefbb 115. \" corrections for vroff
984263bc
MD
116.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
117.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
8b0cefbb 118. \" for low resolution devices (crt and lpr)
984263bc
MD
119.if \n(.H>23 .if \n(.V>19 \
120\{\
8b0cefbb
JR
121. ds : e
122. ds 8 ss
123. ds o a
124. ds d- d\h'-1'\(ga
125. ds D- D\h'-1'\(hy
126. ds th \o'bp'
127. ds Th \o'LP'
128. ds ae ae
129. ds Ae AE
984263bc
MD
130.\}
131.rm #[ #] #H #V #F C
8b0cefbb
JR
132.\" ========================================================================
133.\"
134.IX Title "DHPARAM 1"
e257b235
PA
135.TH DHPARAM 1 "2009-01-11" "0.9.8j" "OpenSSL"
136.\" For nroff, turn off justification. Always turn off hyphenation; it makes
137.\" way too many mistakes in technical documents.
138.if n .ad l
139.nh
984263bc 140.SH "NAME"
e3cdf75b 141dhparam \- DH parameter manipulation and generation
984263bc 142.SH "SYNOPSIS"
8b0cefbb
JR
143.IX Header "SYNOPSIS"
144\&\fBopenssl dhparam\fR
984263bc
MD
145[\fB\-inform DER|PEM\fR]
146[\fB\-outform DER|PEM\fR]
147[\fB\-in\fR \fIfilename\fR]
148[\fB\-out\fR \fIfilename\fR]
149[\fB\-dsaparam\fR]
150[\fB\-noout\fR]
151[\fB\-text\fR]
152[\fB\-C\fR]
153[\fB\-2\fR]
154[\fB\-5\fR]
e3cdf75b 155[\fB\-rand\fR \fIfile(s)\fR]
984263bc
MD
156[\fB\-engine id\fR]
157[\fInumbits\fR]
158.SH "DESCRIPTION"
8b0cefbb
JR
159.IX Header "DESCRIPTION"
160This command is used to manipulate \s-1DH\s0 parameter files.
984263bc 161.SH "OPTIONS"
8b0cefbb
JR
162.IX Header "OPTIONS"
163.IP "\fB\-inform DER|PEM\fR" 4
164.IX Item "-inform DER|PEM"
984263bc 165This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
8b0cefbb 166form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the
984263bc
MD
167default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with
168additional header and footer lines.
8b0cefbb
JR
169.IP "\fB\-outform DER|PEM\fR" 4
170.IX Item "-outform DER|PEM"
984263bc 171This specifies the output format, the options have the same meaning as the
8b0cefbb
JR
172\&\fB\-inform\fR option.
173.IP "\fB\-in\fR \fIfilename\fR" 4
174.IX Item "-in filename"
984263bc
MD
175This specifies the input filename to read parameters from or standard input if
176this option is not specified.
8b0cefbb
JR
177.IP "\fB\-out\fR \fIfilename\fR" 4
178.IX Item "-out filename"
984263bc
MD
179This specifies the output filename parameters to. Standard output is used
180if this option is not present. The output filename should \fBnot\fR be the same
181as the input filename.
8b0cefbb
JR
182.IP "\fB\-dsaparam\fR" 4
183.IX Item "-dsaparam"
984263bc
MD
184If this option is used, \s-1DSA\s0 rather than \s-1DH\s0 parameters are read or created;
185they are converted to \s-1DH\s0 format. Otherwise, \*(L"strong\*(R" primes (such
8b0cefbb 186that (p\-1)/2 is also prime) will be used for \s-1DH\s0 parameter generation.
984263bc 187.Sp
8b0cefbb 188\&\s-1DH\s0 parameter generation with the \fB\-dsaparam\fR option is much faster,
984263bc 189and the recommended exponent length is shorter, which makes \s-1DH\s0 key
8b0cefbb 190exchange more efficient. Beware that with such DSA-style \s-1DH\s0
984263bc
MD
191parameters, a fresh \s-1DH\s0 key should be created for each use to
192avoid small-subgroup attacks that may be possible otherwise.
8b0cefbb
JR
193.IP "\fB\-2\fR, \fB\-5\fR" 4
194.IX Item "-2, -5"
984263bc
MD
195The generator to use, either 2 or 5. 2 is the default. If present then the
196input file is ignored and parameters are generated instead.
8b0cefbb
JR
197.IP "\fB\-rand\fR \fIfile(s)\fR" 4
198.IX Item "-rand file(s)"
984263bc 199a file or files containing random data used to seed the random number
8b0cefbb
JR
200generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)).
201Multiple files can be specified separated by a OS-dependent character.
e257b235 202The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
984263bc 203all others.
8b0cefbb
JR
204.IP "\fInumbits\fR" 4
205.IX Item "numbits"
984263bc 206this option specifies that a parameter set should be generated of size
8b0cefbb 207\&\fInumbits\fR. It must be the last option. If not present then a value of 512
984263bc
MD
208is used. If this option is present then the input file is ignored and
209parameters are generated instead.
8b0cefbb
JR
210.IP "\fB\-noout\fR" 4
211.IX Item "-noout"
984263bc 212this option inhibits the output of the encoded version of the parameters.
8b0cefbb
JR
213.IP "\fB\-text\fR" 4
214.IX Item "-text"
984263bc 215this option prints out the \s-1DH\s0 parameters in human readable form.
8b0cefbb
JR
216.IP "\fB\-C\fR" 4
217.IX Item "-C"
984263bc
MD
218this option converts the parameters into C code. The parameters can then
219be loaded by calling the \fBget_dh\fR\fInumbits\fR\fB()\fR function.
8b0cefbb
JR
220.IP "\fB\-engine id\fR" 4
221.IX Item "-engine id"
984263bc
MD
222specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
223to attempt to obtain a functional reference to the specified engine,
224thus initialising it if needed. The engine will then be set as the default
225for all available algorithms.
226.SH "WARNINGS"
8b0cefbb 227.IX Header "WARNINGS"
984263bc 228The program \fBdhparam\fR combines the functionality of the programs \fBdh\fR and
8b0cefbb 229\&\fBgendh\fR in previous versions of OpenSSL and SSLeay. The \fBdh\fR and \fBgendh\fR
984263bc
MD
230programs are retained for now but may have different purposes in future
231versions of OpenSSL.
232.SH "NOTES"
8b0cefbb
JR
233.IX Header "NOTES"
234\&\s-1PEM\s0 format \s-1DH\s0 parameters use the header and footer lines:
984263bc
MD
235.PP
236.Vb 2
e257b235
PA
237\& \-\-\-\-\-BEGIN DH PARAMETERS\-\-\-\-\-
238\& \-\-\-\-\-END DH PARAMETERS\-\-\-\-\-
984263bc 239.Ve
984263bc 240.PP
8b0cefbb
JR
241OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42
242\&\s-1DH\s0.
243.PP
244This program manipulates \s-1DH\s0 parameters not keys.
984263bc 245.SH "BUGS"
8b0cefbb
JR
246.IX Header "BUGS"
247There should be a way to generate and manipulate \s-1DH\s0 keys.
984263bc 248.SH "SEE ALSO"
8b0cefbb
JR
249.IX Header "SEE ALSO"
250\&\fIdsaparam\fR\|(1)
984263bc 251.SH "HISTORY"
8b0cefbb 252.IX Header "HISTORY"
984263bc
MD
253The \fBdhparam\fR command was added in OpenSSL 0.9.5.
254The \fB\-dsaparam\fR option was added in OpenSSL 0.9.6.