Deprecations

Richard Levitte levitte at openssl.org
Sat Feb 22 09:53:32 UTC 2020


On Sat, 22 Feb 2020 00:51:17 +0100,
Kurt Roeckx wrote:
> Some equivalants:
> openssl dhparam 2048
> openssl genpkey -genparam --algorithm DH -pkeyopt dh_paramgen_prime_len:2048
> 
> openssl dsaparam 2048
> openssl genpkey -genparam -algorithm DSA -pkeyopt dsa_paramgen_bits:2048

Side note: I never quite understood why we had to have such verbose
pkey opts.  "prime_len" and "bits" would have been enough, the rest is
known by context (the command line already specifies that it wants to
generate domain parameters and that the algorithm is DH, or DSA)

I have to agree with Viktor that some of those pkey commands are
overly complicated at times...  it's a bit hard to undo at this point,
though, apart from creating an entirely new openssl command with a
different, and possibly more intuitive interface.

Something that could be done is to take all those aged commands and
rewrite them as wrappers for genpkey, pkey and pkeyutl.  Simply create
and populate a new argv and call genpkey_main(), pkey_main() or
pkeyutl_main().

std::mantra: PR welcome!

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/


More information about the openssl-project mailing list