projects
/
u
/
mdw
/
catacomb
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
dh_kcdsagen: Generate cofactor first.
[u/mdw/catacomb]
/
key.1
diff --git
a/key.1
b/key.1
index
459a0b3
..
9efedf7
100644
(file)
--- a/
key.1
+++ b/
key.1
@@
-48,7
+48,7
@@
is one of:
.RI [ item ...]
.br
.B add
.RI [ item ...]
.br
.B add
-.RB [ \-lqrLS ]
+.RB [ \-lqrL
K
S ]
.RB [ \-a
.IR alg ]
.RB [ \-b | \-B
.RB [ \-a
.IR alg ]
.RB [ \-b | \-B
@@
-462,12
+462,17
@@
using a passphrase.
Suppresses the progress indication which is usually generated while
time-consuming key generation tasks are being performed.
.TP
Suppresses the progress indication which is usually generated while
time-consuming key generation tasks are being performed.
.TP
-.BI "\-L,
-
-lim-lee"
+.BI "\-L,
\-\
-lim-lee"
When generating Diffie-Hellman parameters, generate a Lim-Lee prime
rather than a random (or safe) prime. See the details on Diffie-Hellman
key generation below.
.TP
When generating Diffie-Hellman parameters, generate a Lim-Lee prime
rather than a random (or safe) prime. See the details on Diffie-Hellman
key generation below.
.TP
-.BI "\-S, --subgroup"
+.BI "\-K, \-\-kcdsa"
+When generating Diffie-Hellman parameters, generate a KCDSA-style
+Lim-Lee prime rather than a random (or safe) prime. See the details on
+Diffie-Hellman key generation below.
+.TP
+.BI "\-S, \-\-subgroup"
When generating Diffie-Hellman parameters with a Lim-Lee prime, choose a
generator of a prime-order subgroup rather than a subgroup of order
.RI ( p "- 1)/2."
When generating Diffie-Hellman parameters with a Lim-Lee prime, choose a
generator of a prime-order subgroup rather than a subgroup of order
.RI ( p "- 1)/2."
@@
-578,7
+583,7
@@
If no
.I q
size is selected using the
.B \-B
.I q
size is selected using the
.B \-B
-option and the Lim-Lee prime option
is
disabled, then
+option and the Lim-Lee prime option
s are
disabled, then
.I p
is chosen to be a `safe' prime (i.e.,
.IR p \ =\ 2 q \ +\ 1,
.I p
is chosen to be a `safe' prime (i.e.,
.IR p \ =\ 2 q \ +\ 1,
@@
-602,7
+607,7
@@
is a multiple of
.IP
If the
.B \-L
.IP
If the
.B \-L
-option was given Lim-Lee primes are selected: the parameters are chosen
+option was given
,
Lim-Lee primes are selected: the parameters are chosen
such that
.IR p \ =\ 2\ q \*(us0\*(ue\ q \*(us1\*(ue\ q \*(us2\*(ue\ ...\ +\ 1,
where the
such that
.IR p \ =\ 2\ q \*(us0\*(ue\ q \*(us1\*(ue\ q \*(us2\*(ue\ ...\ +\ 1,
where the
@@
-612,8
+617,22
@@
are primes at least as large as the setting given by the
option (or 256 bits, if no setting was given).
.IP
If the
option (or 256 bits, if no setting was given).
.IP
If the
+.B \-K
+option was given, KCDSA-style Lim-Lee primes are selected: the
+parameters are chosen such that
+.IR p \ =\ 2\ q\ v \ +\ 1,
+where
+.IR p,
+.I q
+and
+.I v
+are primes.
+.IP
+If the
.B \-S
.B \-S
-option was given, the generator
+or
+.B \-K
+options were given, the generator
.I g
is chosen to generate the subgroup of order
.IR q \*(us0\*(ue;
.I g
is chosen to generate the subgroup of order
.IR q \*(us0\*(ue;