[openssl-users] More secure use of DSA?

Leam Hall leamhall at gmail.com
Fri Sep 2 15:50:09 UTC 2016

Thanks to Matt Caswell for helping me fix the DSA question. His 
solution, based of the information I provided, was:

	openssl genpkey -genparam -algorithm DSA -pkeyopt \
	  dsa_paramgen_bits:2048 -out dsa.params

	openssl genpkey -paramfile dsa.params -out dsa.key

Which leads to my next question. For general application and ssh level 
defense, is 2048 the right bit amount? Is there a reason not to go to 
4096 absent very high request counts? Are there other security flags I 
should use?

I'm currently reading Ivan's "OpenSSL cookbook but some of it is slow to 
sink in.



More information about the openssl-users mailing list