On Fri, Feb 21, 2020 at 11:27:55PM +0000, Matt Caswell wrote: > > > On 21/02/2020 23:18, Kurt Roeckx wrote: > > On Fri, Feb 21, 2020 at 11:00:10PM +0000, Matt Caswell wrote: > >> > >> dhparam itself has been deprecated. For that reason we are not > >> attempting to rewrite it to use non-deprecated APIs. The informed > >> decision we have made about DH_check use in dhparam is to not build the > >> whole application in a no-deprecated build: > >> > >> *) The command line utilities dhparam, dsa, gendsa and dsaparam have been > >> deprecated. Instead use the pkeyparam, pkey, genpkey and pkeyparam > >> programs respectively. > >> [Paul Dale] > > > > For some reason I seem to have missed various things. > > > > But I think deprecating tools like dhparam, dsaparam in favour of > > genpkey is something that we should reconsider. > > What is your reasoning? > > (I just realised that what the CHANGES entry says is that > dhparam/dsaparam are deprecated in favour of pkeyparam - but actually I > think the equivalent functionality is more split between genpkey and > pkeyparam)
Some equivalants: openssl dhparam 2048 openssl genpkey -genparam --algorithm DH -pkeyopt dh_paramgen_prime_len:2048 openssl dsaparam 2048 openssl genpkey -genparam -algorithm DSA -pkeyopt dsa_paramgen_bits:2048 If you search internet, you will more than likely find the first ones. They are very easy. I have to look up at the manual page examples to know how to use genpkey. Kurt