GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  DH_GENERATE_PARAMETERS (3)

.ds Aq ’

NAME

DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters

CONTENTS

SYNOPSIS



 #include <openssl/dh.h>

 DH *DH_generate_parameters(int prime_len, int generator,
     void (*callback)(int, int, void *), void *cb_arg);

 int DH_check(DH *dh, int *codes);



DESCRIPTION

DH_generate_parameters() generates Diffie-Hellman parameters that can be shared among a group of users, and returns them in a newly allocated DH structure. The pseudo-random number generator must be seeded prior to calling DH_generate_parameters().

prime_len is the length in bits of the safe prime to be generated. generator is a small number > 1, typically 2 or 5.

A callback function may be used to provide feedback about the progress of the key generation. If callback is not NULL, it will be called as described in BN_generate_prime(3) while a random prime number is generated, and when a prime has been found, callback(3, 0, cb_arg) is called.

DH_check() validates Diffie-Hellman parameters. It checks that p is a safe prime, and that g is a suitable generator. In the case of an error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or DH_NOT_SUITABLE_GENERATOR are set in *codes. DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be checked, i.e. it does not equal 2 or 5.

RETURN VALUES

DH_generate_parameters() returns a pointer to the DH structure, or NULL if the parameter generation fails. The error codes can be obtained by ERR_get_error(3).

DH_check() returns 1 if the check could be performed, 0 otherwise.

NOTES

DH_generate_parameters() may run for several hours before finding a suitable prime.

The parameters generated by DH_generate_parameters() are not to be used in signature schemes.

BUGS

If generator is not 2 or 5, dh->g=generator is not a usable generator.

SEE ALSO

dh(3), ERR_get_error(3), rand(3), DH_free(3)

HISTORY

DH_check() is available in all versions of SSLeay and OpenSSL. The cb_arg argument to DH_generate_parameters() was added in SSLeay 0.9.0.

In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used instead of DH_CHECK_P_NOT_SAFE_PRIME.

Search for    or go to Top of page |  Section 3 |  Main Index


1.0.1s DH_GENERATE_PARAMETERS (3) 2016-03-01

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.