From 06e2c7af4bb154e50b6030f2f16662f6639eb526 Mon Sep 17 00:00:00 2001 From: jmc Date: Wed, 3 Aug 2016 06:43:21 +0000 Subject: [PATCH] shorten the openssl dhparam text; guenther helped rewrite the -dsaparam parts. --- usr.bin/openssl/openssl.1 | 116 +++++++++++--------------------------- 1 file changed, 32 insertions(+), 84 deletions(-) diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1 index acee5d3bb38..ee384aa20f4 100644 --- a/usr.bin/openssl/openssl.1 +++ b/usr.bin/openssl/openssl.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.1,v 1.43 2016/08/01 07:23:29 jmc Exp $ +.\" $OpenBSD: openssl.1,v 1.44 2016/08/03 06:43:21 jmc Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" @@ -112,7 +112,7 @@ .\" .\" OPENSSL .\" -.Dd $Mdocdate: August 1 2016 $ +.Dd $Mdocdate: August 3 2016 $ .Dt OPENSSL 1 .Os .Sh NAME 
@@ -1170,47 +1170,44 @@ or File or files to digest. If no files are specified then standard input is used. .El -.\" -.\" DHPARAM -.\" .Sh DHPARAM .nr nS 1 .Nm "openssl dhparam" -.Bk -words .Op Fl 2 | 5 .Op Fl C .Op Fl check .Op Fl dsaparam .Op Fl in Ar file -.Op Fl inform Ar DER | PEM +.Op Fl inform Cm der | pem .Op Fl noout .Op Fl out Ar file -.Op Fl outform Ar DER | PEM +.Op Fl outform Cm der | pem .Op Fl text .Op Ar numbits -.Ek .nr nS 0 .Pp The .Nm dhparam command is used to manipulate DH parameter files. +Only the older PKCS#3 DH is supported, +not the newer X9.42 DH. .Pp The options are as follows: .Bl -tag -width Ds .It Fl 2 , 5 -The generator to use, either 2 or 5. +The generator to use; 2 is the default. If present, the input file is ignored and parameters are generated instead. .It Fl C -This option converts the parameters into C code. +Convert the parameters into C code. The parameters can then be loaded by calling the -.Cm get_dh Ns Ar numbits Ns Li () +.No get_dh Ns Ar numbits function. .It Fl check Check the DH parameters. .It Fl dsaparam -If this option is used, DSA rather than DH parameters are read or created; -they are converted to DH format. +Read or create DSA parameters, +converted to DH format on output. Otherwise, .Qq strong primes 
@@ -1226,87 +1223,38 @@ Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise. .It Fl in Ar file -This specifies the input -.Ar file -to read parameters from, or standard input if this option is not specified. -.It Fl inform Ar DER | PEM -This specifies the input format. -The argument -.Ar DER +The input file to read from, +or standard input if not specified. +.It Fl inform Cm der | pem +The input format. +.Cm der uses an ASN1 DER-encoded form compatible with the PKCS#3 DHparameter structure. -The -.Ar PEM -form is the default format: +.Cm pem +is the default: it consists of the DER format base64-encoded with -additional header and footer lines. +additional header and footer lines: +.Bd -unfilled -offset indent +-----BEGIN DH PARAMETERS----- +-----END DH PARAMETERS----- +.Ed .It Fl noout -This option inhibits the output of the encoded version of the parameters. +Inhibit the output of the encoded version of the parameters. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl outform Cm der | pem +The output format. +.It Fl text +Print out the DH parameters in human readable form. .It Ar numbits -This argument specifies that a parameter set should be generated of size +Generate a parameter set of size .Ar numbits . It must be the last option. If not present, a value of 2048 is used. If this value is present, the input file is ignored and parameters are generated instead. -.It Fl out Ar file -This specifies the output -.Ar file -to write parameters to. -Standard output is used if this option is not present. -The output filename should -.Em not -be the same as the input filename. -.It Fl outform Ar DER | PEM -This specifies the output format; the options have the same meaning as the -.Fl inform -option. -.It Fl text -This option prints out the DH parameters in human readable form. 
.El -.Sh DHPARAM WARNINGS -The program -.Nm dhparam -combines the functionality of the programs -.Nm dh -and -.Nm gendh -in previous versions of -.Nm OpenSSL -and -.Nm SSLeay . -The -.Nm dh -and -.Nm gendh -programs are retained for now, but may have different purposes in future -versions of -.Nm OpenSSL . -.Sh DHPARAM NOTES -PEM format DH parameters use the header and footer lines: -.Bd -unfilled -offset indent ------BEGIN DH PARAMETERS----- ------END DH PARAMETERS----- -.Ed -.Pp -.Nm OpenSSL -currently only supports the older PKCS#3 DH, -not the newer X9.42 DH. -.Pp -This program manipulates DH parameters not keys. -.Sh DHPARAM BUGS -There should be a way to generate and manipulate DH keys. -.Sh DHPARAM HISTORY -The -.Nm dhparam -command was added in -.Nm OpenSSL -0.9.5. -The -.Fl dsaparam -option was added in -.Nm OpenSSL -0.9.6. .\" .\" DSA .\" -- 2.20.1
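Review bot: In the @@ -1170,47 +1170,44 @@ hunk, the rewritten -dsaparam entry drops the conditional "If this option is used", but the unchanged context line that follows still begins "Otherwise,". After the change the sentence "Read or create DSA parameters, converted to DH format on output." has no condition for "Otherwise" to contrast with, so the strong-primes sentence reads oddly. Consider rewording the lead-in to that sentence (for example "Without this option,") in the same commit. Separately, the synopsis and the -inform/-outform entries switch from "Ar DER | PEM" to "Cm der | pem"; since Cm marks a literal the reader types, it is worth confirming that lowercase is accepted by the command and that the other subcommand sections of this page use the same spelling. In the -C entry the function name is now set with ".No get_dh Ns Ar numbits" and loses the "()", which makes it harder to recognise as a C identifier in the rendered page.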
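Review bot: In the @@ -1226,87 +1223,38 @@ hunk, the new -out entry drops the caution "The output filename should not be the same as the input filename." without a replacement. That is the only place the page told users not to write over the parameter file they are reading, so a short clause to that effect should stay in the -out text. The new -outform entry is reduced to "The output format." and no longer refers back to -inform, so a reader who jumps straight to -outform gets no description of der and pem; a "see -inform" pointer would restore that. The same hunk removes the NOTES sentence "This program manipulates DH parameters not keys." and the whole DHPARAM HISTORY section (dhparam added in OpenSSL 0.9.5, -dsaparam in 0.9.6); if that is intentional, the commit message could say so, since it only mentions shortening the text and the -dsaparam rewrite.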