1)The exponent x in DH can be any number.It should be big enough to bear attack.The source in DH told us what exponent x can be. ref:dh_key.c if (generate_new_key) { l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ if (!BN_rand(priv_key, l, 0, 0)) goto err; } 2)The time of generation depends the length of your DH parameters.The longger parameters you created, the more time you need to compute the value. ref: int DH_generate_parameters_ex(DH *dh,int prime_len,int generator, BN_GENCB *cb);
At 2011-03-23 08:12:37,ikuzar <razuk...@gmail.com> wrote: Hello, I 'd like to know : 1) if exponent x in g^x must be a great prime number. In some docs I saw, it is said that x must b a GREAT number but no information about primality .. 2) May generation of 'x' run for hours like related here :http://www.openssl.org/docs/crypto/DH_generate_parameters.html ( in NOTES) Thanks for your help.