On Mon, 2014-12-15 at 05:57 +0200, Yan Fiz wrote:
> $ certtool --generate-dh-params --bits 4096 --outfile server.p3
> --debug 9999
> Setting log level to 9999
> ** Note: Please use the --sec-param instead of --bits
> Generating DH parameters (4096 bits)...
> (might take long time)

Unfortunately that is a known issue in the 3.3.x release. You will need nettle-2.7.1 with the attached patch in order to generate parameters larger than 3072 bits. I'll send that patch to the nettle maintainer, but I find it unlikely to have a new 2.7.x release.

regards,
Nikos

From c7ef2843dfca566fc67e6c8ffb601a05a60d24d9 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos <[email protected]> Date: Tue, 16 Dec 2014 12:56:34 +0100 Subject: [PATCH] allow the usage of arbitrary q_bits sizes in DSA key generation --- dsa-keygen.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dsa-keygen.c b/dsa-keygen.c index 1b84e49..65ad80f 100644 --- a/dsa-keygen.c +++ b/dsa-keygen.c @@ -61,7 +61,8 @@ dsa_generate_keypair(struct dsa_public_key *pub, return 0; break; default: - return 0; + if (q_bits < 160) + return 0; } mpz_init (p0); -- 2.1.0
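
Review bot: The new default branch in dsa_generate_keypair accepts every q_bits of 160 or more, with no upper bound and no comparison against the requested modulus size visible in this hunk. Unless code later in the function already rejects a q_bits that is as large as or larger than the modulus size, that check belongs here next to the 160-bit floor. The subject line says "arbitrary q_bits sizes" while values below 160 are still refused, so the commit message and the function's documentation should state the 160-bit minimum explicitly. The branch also ends without a `break;`, unlike the case just above it; that is harmless for the last label in the switch but worth adding for consistency.
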
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
