OpenSSL "genpkey -paramfile" - Generate DH Key

Q

How to generate a new DH private key using OpenSSL "genpkey" command?

✍: FYIcenter.com

A

If you need a new DH private key in order to create a new certificate, you can use the OpenSSL "genpkey" command as shown below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> genpkey -paramfile my_dh.prm -out my_dh.key
OpenSSL> exit

C:\Users\fyicenter>type my_dh.key
-----BEGIN PRIVATE KEY-----
MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBALzizRYfhhdc1miJMXG88tKCCdLO
SIG7G2Fsh27ec41AP+pExiT781P/JjnLmy85Niy9OhTZDkiSnAqNiWO+DC/3elIK
jHfxQgBMMd+57MCduH9MEOVEQKb/drJkPFeCBShJlM+KyoNCpLfV0Tu/icb/KTQA
UdiQA0cehBtTNmwzAgECBIGDAoGAUa07TyiiLwrxgGzHILAhww+D3OPQBjr3nUxP
r4wslGf/ZxkgCLMfcgQnBzMts2I18n5Yj5HMksGx9iL4wfbpS4KjgG216MqSk81D
OIQ9DF86VsuaYSvRA2gVktxf9gPnnC9VsThcuEuMKRS1csBNVSEjAbS7KS7RWrt4
mcoqa20=
-----END PRIVATE KEY-----

Notes about this test:

  • You don't need to specify "-algorithm dh", because the algorithm is taken from the DH parameter file provided by the "-paramfile my_dh.prm" option.
  • The output is labeled as a private key, but it actually contains two parts, a private key and a matching public key, as a key pair for encryption and decryption.
  • The output is not password protected, which is not recommended. Private keys must be kept private with a password.
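To check the label and password-protection points above on a key file, the PEM label and the unencrypted PKCS #8 header can be read directly. This is an added example, not part of the original tutorial; it uses only the Python standard library and the sample key printed above, and the names read_tlv and inspect_key are assumptions made for this sketch.

```python
import base64

# DER content bytes of OID 1.2.840.113549.1.3.1 (PKCS #3 dhKeyAgreement)
DH_OID = bytes.fromhex("2a864886f70d010301")

# Sample key printed by "type my_dh.key" on this page (already published)
PAGE_KEY = """-----BEGIN PRIVATE KEY-----
MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBALzizRYfhhdc1miJMXG88tKCCdLO
SIG7G2Fsh27ec41AP+pExiT781P/JjnLmy85Niy9OhTZDkiSnAqNiWO+DC/3elIK
jHfxQgBMMd+57MCduH9MEOVEQKb/drJkPFeCBShJlM+KyoNCpLfV0Tu/icb/KTQA
UdiQA0cehBtTNmwzAgECBIGDAoGAUa07TyiiLwrxgGzHILAhww+D3OPQBjr3nUxP
r4wslGf/ZxkgCLMfcgQnBzMts2I18n5Yj5HMksGx9iL4wfbpS4KjgG216MqSk81D
OIQ9DF86VsuaYSvRA2gVktxf9gPnnC9VsThcuEuMKRS1csBNVSEjAbS7KS7RWrt4
mcoqa20=
-----END PRIVATE KEY-----"""

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def inspect_key(pem):
    """Report the PEM label and, for an unencrypted PKCS #8 DH key, p size and g."""
    lines = pem.strip().splitlines()
    label = lines[0].strip("-").replace("BEGIN ", "", 1)
    info = {"label": label, "encrypted": label == "ENCRYPTED PRIVATE KEY"}
    if label != "PRIVATE KEY":
        return info  # body is not plain PKCS #8, so no header is readable here
    der = base64.b64decode("".join(lines[1:-1]))
    _, key_info, _ = read_tlv(der, 0)        # PrivateKeyInfo SEQUENCE
    _, _version, pos = read_tlv(key_info, 0)
    _, alg_id, _ = read_tlv(key_info, pos)   # AlgorithmIdentifier SEQUENCE
    _, oid, pos = read_tlv(alg_id, 0)
    info["is_dh"] = oid == DH_OID
    if info["is_dh"]:
        _, params, _ = read_tlv(alg_id, pos)  # DHParameter SEQUENCE: p, g
        _, p, pos = read_tlv(params, 0)
        _, g, _ = read_tlv(params, pos)
        info["p_bits"] = int.from_bytes(p, "big").bit_length()
        info["g"] = int.from_bytes(g, "big")
    return info

if __name__ == "__main__":
    print(inspect_key(PAGE_KEY))
```

A key written with password protection carries the "ENCRYPTED PRIVATE KEY" label, and its header fields are not readable without the password.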

 


2017-09-08