On Sat, 22 Feb 2020 00:51:17 +0100, Kurt Roeckx wrote: > Some equivalants: > openssl dhparam 2048 > openssl genpkey -genparam --algorithm DH -pkeyopt dh_paramgen_prime_len:2048 > > openssl dsaparam 2048 > openssl genpkey -genparam -algorithm DSA -pkeyopt dsa_paramgen_bits:2048
Side note: I never quite understood why we had to have such verbose pkey opts. "prime_len" and "bits" would have been enough, the rest is known by context (the command line already specifies that it wants to generate domain parameters and that the algorithm is DH, or DSA) I have to agree with Viktor that some of those pkey commands are overly complicated at times... it's a bit hard to undo at this point, though, apart from creating an entirely new openssl command with a different, and possibly more intuitive interface. Something that could be done is to take all those aged commands and rewrite them as wrappers for genpkey, pkey and pkeyutl. Simply create and populate a new argv and call genpkey_main(), pkey_main() or pkeyutl_main(). std::mantra: PR welcome! Cheers, Richard -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/