| DHPARAM(1) | OpenSSL | DHPARAM(1) |
| -inform DER|PEM | This specifies the input format. The DER option uses an ASN1 DER encoded form compatible with the PKCS#3 DHparameter structure. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines. |
| -outform DER|PEM | This specifies the output format, the options have the same meaning as the -inform option. |
| -in filename | This specifies the input filename to read parameters from or standard input if this option is not specified. |
| -out filename | This specifies the output filename parameters to. Standard output is used if this option is not present. The output filename should not be the same as the input filename. |
| -dsaparam |
If this option is used, DSA rather than DH parameters are read or created; they are converted to DH format. Otherwise, "strong" primes (such that (p-1)/2 is also prime) will be used for DH parameter generation. |
| -2, -5 | The generator to use, either 2 or 5. 2 is the default. If present then the input file is ignored and parameters are generated instead. |
| -rand file(s) | a file or files containing random data used to seed the random number generator, or an EGD socket (see RAND_egd(3)). Multiple files can be specified separated by a OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others. |
| numbits | this option specifies that a parameter set should be generated of size numbits. It must be the last option. If not present then a value of 512 is used. If this option is present then the input file is ignored and parameters are generated instead. |
| -noout | this option inhibits the output of the encoded version of the parameters. |
| -text | this option prints out the DH parameters in human readable form. |
| -C | this option converts the parameters into C code. The parameters can then be loaded by calling the get_dhnumbits() function. |
| -engine id | specifying an engine (by its unique id string) will cause dhparam to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. |
-----BEGIN DH PARAMETERS----- -----END DH PARAMETERS-----
OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 DH.
This program manipulates DH parameters not keys.
| July 20, 2009 | 1.0.1-dev |