*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->OpenBSD man pages -> DH_generate_parameters (3)              
Title
Content
Arch
Section
 

DH_GENERATE_PARAMETERS(3)

Contents

NAME    [Toc]    [Back]

       DH_generate_parameters, DH_check - generate and check
       Diffie-Hellman parameters

SYNOPSIS    [Toc]    [Back]

        #include <openssl/dh.h>

        DH *DH_generate_parameters(int prime_len, int generator,
            void (*callback)(int, int, void *), void *cb_arg);

        int DH_check(DH *dh, int *codes);

DESCRIPTION    [Toc]    [Back]

       DH_generate_parameters() generates Diffie-Hellman parameters
 that can be shared among a group of users, and
       returns them in a newly allocated DH structure. The
       pseudo-random number generator must be seeded prior to
       calling DH_generate_parameters().

       prime_len is the length in bits of the safe prime to be
       generated.  generator is a small number > 1, typically 2
       or 5.

       A callback function may be used to provide feedback about
       the progress of the key generation. If callback is not
       NULL, it will be called as described in
       BN_generate_prime(3) while a random prime number is generated,
 and when a prime has been found, callback(3, 0,
       cb_arg) is called.

       DH_check() validates Diffie-Hellman parameters. It checks
       that p is a safe prime, and that g is a suitable generator.
 In the case of an error, the bit flags
       DH_CHECK_P_NOT_SAFE_PRIME or DH_NOT_SUITABLE_GENERATOR are
       set in *codes.  DH_UNABLE_TO_CHECK_GENERATOR is set if the
       generator cannot be checked, i.e. it does not equal 2 or
       5.

RETURN VALUES    [Toc]    [Back]

       DH_generate_parameters() returns a pointer to the DH
       structure, or NULL if the parameter generation fails. The
       error codes can be obtained by ERR_get_error(3).

       DH_check() returns 1 if the check could be performed, 0
       otherwise.

NOTES    [Toc]    [Back]

       DH_generate_parameters() may run for several hours before
       finding a suitable prime.

       The parameters generated by DH_generate_parameters() are
       not to be used in signature schemes.

BUGS    [Toc]    [Back]

       If generator is not 2 or 5, dh->g=generator is not a
       usable generator.

SEE ALSO    [Toc]    [Back]

      
       
       dh(3), ERR_get_error(3), rand(3), DH_free(3)

HISTORY    [Toc]    [Back]

       DH_check() is available in all versions of SSLeay and
       OpenSSL.  The cb_arg argument to DH_generate_parameters()
       was added in SSLeay 0.9.0.

       In versions before OpenSSL 0.9.5,
       DH_CHECK_P_NOT_STRONG_PRIME is used instead of
       DH_CHECK_P_NOT_SAFE_PRIME.


OpenBSD 3.6                 2003-05-11                          2
[ Back ]
 Similar pages
Name OS Title
gss_test_oid_set_member HP-UX check an OID set for a specified OID
co IRIX check out RCS revisions
pathchk IRIX check pathnames
co FreeBSD check out RCS revisions
co Tru64 check out RCS revisions
ci HP-UX check in RCS revisions
co HP-UX check out RCS revisions
ci FreeBSD check in RCS revisions
ci IRIX check in RCS revisions
tt_is_err HP-UX check status value
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service