OpenSSL "genpkey dsa_paramgen_bits:10240" - DSA Long Keys

Q

How to generate a new DSA key pair with a longer key size using OpenSSL "genpkey" command?

✍: FYIcenter.com

A

If you need a new DSA key pair with a longer key size for testing purpose, you can use the OpenSSL "genpkey" command as shown below:

C:\Users\fyicenter>time
The current time is: 20:36:46.56

C:\Users\fyicenter>\local\openssl\openssl
OpenSSL> genpkey -genparam -algorithm dsa -out dsa_test.prm 
   -pkeyopt dsa_paramgen_bits:10240
   
.+++++++++++++++++++++++++++++++++++++++++++++++++++*
....+...............+....+................+..............+...........+..+.....+.
..+............+..........+....+.......................+.....+........+..+.+.+..
.......+...+.........+..+.+...................+.....+...+......................+
.......+...................................+.+..+.........+..+................+.
...

OpenSSL> exit

C:\Users\fyicenter>time
The current time is: 20:44:19.50

C:\Users\fyicenter>\local\openssl\openssl
OpenSSL> genpkey -paramfile dsa_test.prm -out dsa_test.key
OpenSSL> pkey -in dsa_test.key -text -noout
Private-Key: (10240 bit)
priv:
    23:d6:bc:be:3d:b3:d8:7e:d9:2b:05:3c:cd:19:e6:
    60:67:0c:13:cd
pub:
    61:36:6c:aa:63:fe:07:d2:f9:8c:43:e7:ce:ab:b4:
    5c:b8:64:7b:d3:12:79:a2:a4:dc:01:3b:a5:6f:42:
    b8:3e:dc:ad:f0:94:da:d9:ef:e8:91:14:fb:50:8c:
...

What this test tells us:

  • OpenSSL allows you to generate longer DSA keys. But it will take a longer time. A 10240-bit DSA key pair took more than 7 minutes to generate on a laptop computer.

 

OpenSSL "genpkey" Command for DSA Keys

⇒⇒OpenSSL Tutorials

2017-11-25, 322👍, 0💬