> From: [email protected] On Behalf Of Benny Baumann > Sent: Sunday, August 10, 2014 08:44
> Am 09.08.2014 19:24, schrieb Annie Yousar: > > Hi Ben, you can generate keys with arbitrary exponents using the > > genpkey command: > > > > openssl genpkey -algorithm rsa \ -pkeyopt rsa_keygen_bits:16384 > > -pkeyopt rsa_keygen_pubexp:4711 > Thanks for this information. Now that you mention this: I read about > it in the documentation. But unfortunately genpkey and genrsa produce > slightly different output (plain RSA key vs. publicKeyInfo) - thus > having such a -pkeyopt like interface available uniformly for genrsa, > gendsa and ec might be useful. > > You can pipe genpkey alg=rsa through rsa to convert to the bare form. gendsa or genpkey alg=dsa is only a random choice with no options. Same for ecparam -genkey or genpkey alg=ec, and genpkey alg=dh. *dsaparam* or genpkey-genparam alg=dsa could in principle allow selection of the subgroup size, but for 2 prime sizes the standard allows only one choice, and for the 3rd prime size the standard allows only two choices. That hardly seems worth the bother. genpkey-genparam alg=dh vs dhparam is the only other interesting case. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
