OpenSSL "genpkey dh_paramgen_generator:3" - DH Param Generator

Q

How to use a different DH key generation parameter generator with OpenSSL "genpkey -genparam" command?

✍: FYIcenter.com

A

When you use OpenSSL "genpkey -genparam -algorithm dh" command to generate DH key generation parameters, the default generator 2 will be used. You can change it by using the "-pkeyopt dh_paramgen_generator:n" option as shown below:

C:\Users\fyicenter>\local\openssl\openssl

OpenSSL> genpkey -genparam -algorithm dh -out dh_test.prm 
   -pkeyopt dh_paramgen_generator:3
................................................................................
.......+..................................+.................................+...
..+.............................................................................
...

OpenSSL> genpkey -paramfile dh_test.prm -out dh_test.ke

OpenSSL> pkey -in dh_test.key -text -noout
DH Private-Key: (1024 bit)
    private-key:
        6c:c7:05:a1:2e:f6:ec:6d:41:4f:92:dc:0e:f1:66:
        9d:70:6a:5a:e0:44:48:26:2e:11:28:e5:8c:b3:29:
        c7:2c:fa:ef:9b:16:6f:cd:0e:81:e0:c9:d6:8a:f7:
        c2:cb:59:41:a4:6b:71:6b:67:6c:20:52:5f:c9:2b:
        4b:25:b9:eb:8b:95:c5:12:30:ac:51:81:f5:c4:83:
        56:cb:0b:69:45:ce:f3:90:a3:c5:00:6c:ad:0d:69:
        9b:b1:43:28:ef:34:bb:f0:8f:e6:ca:cd:d8:0b:34:
        1b:d4:c1:a4:94:a2:cd:80:ef:db:ac:b5:53:bf:94:
        b8:f9:33:62:dd:a9:df:6d
    public-key:
        7f:83:1f:0b:62:c7:ff:2e:c0:b7:50:fc:73:10:50:
        f7:d4:4a:c6:5d:52:50:57:87:dc:8a:0e:85:4c:b7:
        9c:a7:88:f7:03:f6:2b:3a:e0:01:0f:34:2e:d2:b0:
        ce:b0:9e:61:6e:3c:39:51:78:6e:c6:47:90:d0:32:
        b7:56:91:c6:4f:39:e8:74:90:31:5b:d1:6a:3c:80:
        bb:9c:52:00:76:f8:3b:0c:e3:8c:c8:ed:07:55:00:
        a9:51:74:a6:cc:2a:73:b2:d7:af:26:25:0f:15:cc:
        c4:24:1e:d1:ba:48:20:75:3d:76:ba:08:ac:cf:83:
        61:5a:0c:1f:f9:01:61:da
    prime:
        00:cc:8b:95:1e:64:85:9d:20:85:22:36:da:b3:f2:
        89:6b:eb:e6:40:be:71:1d:4d:e7:85:54:c7:40:36:
        a3:b4:33:92:48:9d:4d:c8:d8:57:71:d7:8d:d5:23:
        27:fd:e7:f5:4e:02:52:60:8b:39:6c:dc:83:af:f8:
        e4:af:98:fb:29:ce:69:95:50:e1:f4:42:df:31:3d:
        92:86:9b:72:67:d5:2a:c4:36:d2:ea:59:70:01:df:
        06:72:8e:4b:a7:ae:3e:8a:45:74:38:30:e1:73:ae:
        5c:2a:f3:c7:25:7f:03:67:75:4e:39:9d:42:cf:1e:
        c0:e6:d9:57:7f:a5:81:e4:5b
    generator: 3 (0x3)

What this test tells us:

  • The "-pkeyopt dh_paramgen_generator:n" option controls the DH paramter generator value. The default value is "dh_paramgen_generator:2"

 

OpenSSL "genpkey -des" - DES Encrypt DH Keys

OpenSSL "genpkey dh_paramgen_prime_len:3072" - DH Long Keys

OpenSSL "genpkey" Command for DH Keys

⇑⇑ OpenSSL Tutorials

2017-07-25, 1276👍, 0💬