[openssl-users] Fast DH parameters generation

Massimiliano Pala director at openca.org
Tue Jun 16 17:22:09 UTC 2015

Hi all,

I am working on an application that would use DH to allow exchanging 
symmetric keys (not a TLS app), and we noticed that we could use two 
different approaches to generate the parameters.

The first option is to use the DH_generate_parameters_ex() + 
DH_generate_key() - but that takes quite a long time when using 2048 
bits DH.

The second option, instead, is to generate DSA parameters and then copy 
them as DH params - i.e., using DSA_generate_parameters_ex() + 
DSA_dup_DH() + DH_generate_key().

Of course, the second approach is a lot faster - however, can anyone 
explain the warning not from the documentation "Be careful to avoid 
small subgroup attacks when using this." ? AFAIK, for such attacks to be 
effective, they require that the parameters are re-used multiple times. 
However, in our specific case, the generated parameters will be used 
only once (2048 bits) and then discarded...


More information about the openssl-users mailing list