> 'gendh' and 'dh' should be combined and called 'dhparam' this would be
> more consistent with the dsaparam behaviour.
>> - There's no way to generate a DH private key or public key, or to
>> combine them into a shared secret. (The API function names for this,
>> DH_generate_key, and DH_compute_key, are also confusing.)
> Thats because DH private keys are only parly supported: for example
> there isn't any ASN1 structure for holding a DH private key at present
> nor can DH public keys be used in certificates.
And the ASN.1 structure for DH parameters does not allow storing the
order of the generator (that is, the sub-prime; or at least it's
likely to be prime in those cases where one would like to store it).
In fact even the DH data structure does not have a component for it.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
