dsaparam error OpenSSL 1.1.1d

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

dsaparam error OpenSSL 1.1.1d

shiva kumar
Hi,
I'm using OpenSSL 1.1.1d, when I tried executing the dsaparam command in command line as shown below it takes long time and I won't get output, it just keeps on processing. Is this an error? what is causing the problem?

openssl dsaparam 128 -rand file

openssl dsaparam  -rand file


--
With Best Regards
Shivakumar S
Reply | Threaded
Open this post in threaded view
|

Re: dsaparam error OpenSSL 1.1.1d

shiva kumar
Hi,
can anyone please help me to solve this issue?
openssl dsaparam 128 -rand file 
is taking long time processing the command and not producing any output.


On Sun, Nov 10, 2019 at 8:17 PM shiva kumar <[hidden email]> wrote:
Hi,
I'm using OpenSSL 1.1.1d, when I tried executing the dsaparam command in command line as shown below it takes long time and I won't get output, it just keeps on processing. Is this an error? what is causing the problem?

openssl dsaparam 128 -rand file

openssl dsaparam  -rand file


--
With Best Regards
Shivakumar S


--
With Best Regards
Shivakumar S
Reply | Threaded
Open this post in threaded view
|

Re: dsaparam error OpenSSL 1.1.1d

Viktor Dukhovni
On Mon, Nov 11, 2019 at 10:59:52AM +0530, shiva kumar wrote:

> *openssl dsaparam 128 -rand file *
> is taking long time processing the command and not producing any output.

It is waiting for *input* (to decode already generated parameters).
If you want to generate a key you need to provide the "-genkey"
option.  And 128 bit primes are way too short for DSA.  You should
generally use 2048 bits, and definitely avoid anything less than
1024 bits.  The below example generates a 1280-bit key, which is
about as small as I'd be generally willing to go for short to
medium-term keys.

    $ openssl dsaparam -genkey 1280
    Generating DSA parameters, 1280 bit long prime
    This could take some time
    ...
    -----BEGIN DSA PARAMETERS-----
    ...
    -----END DSA PARAMETERS-----
    -----BEGIN DSA PRIVATE KEY-----
    ...
    -----END DSA PRIVATE KEY-----

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: dsaparam error OpenSSL 1.1.1d

OpenSSL - User mailing list
In reply to this post by shiva kumar
  • openssl dsaparam 128 -rand file 

 

Why are you using the -rand option?  Unless this is a special platform, don’t do that.

 

  • is taking long time processing the command and not producing any output.

 

What is your hardware and software?

 

Can you run it under a debugger, and interrupt it sometimes to see where it is?

 

Reply | Threaded
Open this post in threaded view
|

Re: dsaparam error OpenSSL 1.1.1d

OpenSSL - User mailing list

The question about -rand option is valid, but Viktor’s post is right and the rest of my post is wrong :(

 

From: openssl-users <[hidden email]>
Reply-To: Rich Salz <[hidden email]>
Date: Monday, November 11, 2019 at 8:10 AM
To: shiva kumar <[hidden email]>, openssl-users <[hidden email]>
Subject: Re: dsaparam error OpenSSL 1.1.1d

 

  • openssl dsaparam 128 -rand file 

 

Why are you using the -rand option?  Unless this is a special platform, don’t do that.

 

  • is taking long time processing the command and not producing any output.

 

What is your hardware and software?

 

Can you run it under a debugger, and interrupt it sometimes to see where it is?