manpagez: man pages & more
man openssl-dhparam(1)
Home | html | info | man
OPENSSL-DHPARAM(1ossl)              OpenSSL             OPENSSL-DHPARAM(1ossl)


       openssl-dhparam - DH parameter manipulation and generation


       openssl dhparam [-help] [-inform DER|PEM] [-outform DER|PEM] [-in
       filename] [-out filename] [-dsaparam] [-check] [-noout] [-text]
       [-verbose] [-quiet] [-2] [-3] [-5] [-engine id] [-rand files]
       [-writerand file] [-provider name] [-provider-path path] [-propquery
       propq] [numbits]


       This command is used to manipulate DH parameter files.

       See "EXAMPLES" in openssl-genpkey(1) for examples on how to generate a
       key using a named safe prime group without generating intermediate


           Print out a usage message.

       -inform DER|PEM, -outform DER|PEM
           The input format and output format; the default is PEM.  The object
           is compatible with the PKCS#3 DHparameter structure.  See
           openssl-format-options(1) for details.

       -in filename
           This specifies the input filename to read parameters from or
           standard input if this option is not specified.

       -out filename
           This specifies the output filename parameters to. Standard output
           is used if this option is not present. The output filename should
           not be the same as the input filename.

           If this option is used, DSA rather than DH parameters are read or
           created; they are converted to DH format.  Otherwise, safe primes
           (such that (p-1)/2 is also prime) will be used for DH parameter

           DH parameter generation with the -dsaparam option is much faster.
           Beware that with such DSA-style DH parameters, a fresh DH key
           should be created for each use to avoid small-subgroup attacks that
           may be possible otherwise.

           Performs numerous checks to see if the supplied parameters are
           valid and displays a warning if not.

       -2, -3, -5
           The generator to use, either 2, 3 or 5. If present then the input
           file is ignored and parameters are generated instead. If not
           present but numbits is present, parameters are generated with the
           default generator 2.

           This option specifies that a parameter set should be generated of
           size numbits. It must be the last option. If this option is present
           then the input file is ignored and parameters are generated
           instead. If this option is not present but a generator (-2, -3 or
           -5) is present, parameters are generated with a default length of
           2048 bits.  The minimum length is 512 bits. The maximum length is
           10000 bits.

           This option inhibits the output of the encoded version of the

           This option prints out the DH parameters in human readable form.

       -engine id
           See "Engine Options" in openssl(1).  This option is deprecated.

       -rand files, -writerand file
           See "Random State Options" in openssl(1) for details.

       -provider name
       -provider-path path
       -propquery propq
           See "Provider Options" in openssl(1), provider(7), and property(7).

           This option enables the output of progress messages, which is handy
           when running commands interactively that may take a long time to

           This option suppresses the output of progress messages, which may
           be undesirable in batch scripts or pipelines.


       This command replaces the dh and gendh commands of previous releases.


       openssl(1), openssl-pkeyparam(1), openssl-dsaparam(1),


       The -engine option was deprecated in OpenSSL 3.0.

       The -C option was removed in OpenSSL 3.0.


       Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at

3.2.0                             2023-11-23            OPENSSL-DHPARAM(1ossl)

openssl 3.2.0 - Generated Wed Nov 29 05:51:43 CST 2023
© 2000-2024
Individual documents may contain additional copyright information.