Thanks to Matt Caswell for helping me fix the DSA question. His
solution, based of the information I provided, was:
openssl genpkey -genparam -algorithm DSA -pkeyopt \
dsa_paramgen_bits:2048 -out dsa.params
openssl genpkey -paramfile dsa.params -out dsa.key
Which leads to my next question. For general application and ssh level
defense, is 2048 the right bit amount? Is there a reason not to go to
4096 absent very high request counts? Are there other security flags I
should use?
I'm currently reading Ivan's "OpenSSL cookbook but some of it is slow to
sink in.
Thanks!
Leam
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
