Viktor Dukhovni openssl-users at
Sat Feb 22 03:36:35 UTC 2020

On Sat, Feb 22, 2020 at 12:51:17AM +0100, Kurt Roeckx wrote:

> > (I just realised that what the CHANGES entry says is that
> > dhparam/dsaparam are deprecated in favour of pkeyparam - but actually I
> > think the equivalent functionality is more split between genpkey and
> > pkeyparam)
> Some equivalants:
> openssl dhparam 2048
> openssl genpkey -genparam --algorithm DH -pkeyopt dh_paramgen_prime_len:2048
> openssl dsaparam 2048
> openssl genpkey -genparam -algorithm DSA -pkeyopt dsa_paramgen_bits:2048

+100.  The new commands are nice for professionally written utilities
that need to be algorithm polymorphic, ...  But there's nothing like
using a screwdriver to turn a screw, rather than banging it in with
an all-purpose hammer!

> If you search internet, you will more than likely find the first
> ones. They are very easy. I have to look up at the manual page
> examples to know how to use genpkey.

Yes, same here.


More information about the openssl-project mailing list