[openssl-users] More secure use of DSA?
Leam Hall
leamhall at gmail.com
Fri Sep 2 15:50:09 UTC 2016
Thanks to Matt Caswell for helping me fix the DSA question. His
solution, based of the information I provided, was:
openssl genpkey -genparam -algorithm DSA -pkeyopt \
dsa_paramgen_bits:2048 -out dsa.params
openssl genpkey -paramfile dsa.params -out dsa.key
Which leads to my next question. For general application and ssh level
defense, is 2048 the right bit amount? Is there a reason not to go to
4096 absent very high request counts? Are there other security flags I
should use?
I'm currently reading Ivan's "OpenSSL cookbook but some of it is slow to
sink in.
Thanks!
Leam
More information about the openssl-users
mailing list