On Mon, Nov 11, 2019 at 10:59:52AM +0530, shiva kumar wrote:
> *openssl dsaparam 128 -rand file *
> is taking long time processing the command and not producing any output.
It is waiting for *input* (to decode already generated parameters).
If you want to generate a key you need to provide the "-genkey"
option. And 128 bit primes are way too short for DSA. You should
generally use 2048 bits, and definitely avoid anything less than
1024 bits. The below example generates a 1280-bit key, which is
about as small as I'd be generally willing to go for short to
medium-term keys.
$ openssl dsaparam -genkey 1280
Generating DSA parameters, 1280 bit long prime
This could take some time
...
-----BEGIN DSA PARAMETERS-----
...
-----END DSA PARAMETERS-----
-----BEGIN DSA PRIVATE KEY-----
...
-----END DSA PRIVATE KEY-----
--
Viktor.
