Deprecations

Kurt Roeckx kurt at roeckx.be
Fri Feb 21 23:51:17 UTC 2020


On Fri, Feb 21, 2020 at 11:27:55PM +0000, Matt Caswell wrote:
> 
> 
> On 21/02/2020 23:18, Kurt Roeckx wrote:
> > On Fri, Feb 21, 2020 at 11:00:10PM +0000, Matt Caswell wrote:
> >>
> >> dhparam itself has been deprecated. For that reason we are not
> >> attempting to rewrite it to use non-deprecated APIs. The informed
> >> decision we have made about DH_check use in dhparam is to not build the
> >> whole application in a no-deprecated build:
> >>
> >>   *) The command line utilities dhparam, dsa, gendsa and dsaparam have been
> >>      deprecated.  Instead use the pkeyparam, pkey, genpkey and pkeyparam
> >>      programs respectively.
> >>      [Paul Dale]
> > 
> > For some reason I seem to have missed various things.
> > 
> > But I think deprecating tools like dhparam, dsaparam in favour of
> > genpkey is something that we should reconsider.
> 
> What is your reasoning?
> 
> (I just realised that what the CHANGES entry says is that
> dhparam/dsaparam are deprecated in favour of pkeyparam - but actually I
> think the equivalent functionality is more split between genpkey and
> pkeyparam)

Some equivalants:
openssl dhparam 2048
openssl genpkey -genparam --algorithm DH -pkeyopt dh_paramgen_prime_len:2048

openssl dsaparam 2048
openssl genpkey -genparam -algorithm DSA -pkeyopt dsa_paramgen_bits:2048


If you search internet, you will more than likely find the first
ones. They are very easy. I have to look up at the manual page
examples to know how to use genpkey.


Kurt



More information about the openssl-project mailing list