# phpman > man > openssl-dhparam(1)

[OPENSSL-DHPARAM(1SSL)](https://www.chedong.com/phpMan.php/man/OPENSSL-DHPARAM/1SSL/markdown)                          OpenSSL                         [OPENSSL-DHPARAM(1SSL)](https://www.chedong.com/phpMan.php/man/OPENSSL-DHPARAM/1SSL/markdown)



## NAME
       openssl-dhparam - DH parameter manipulation and generation

## SYNOPSIS
       **openssl** **dhparam** [**-help**] [**-inform** **DER**|**PEM**] [**-outform** **DER**|**PEM**] [**-in** _filename_] [**-out** _filename_]
       [**-dsaparam**] [**-check**] [**-noout**] [**-text**] [**-2**] [**-3**] [**-5**] [**-engine** _id_] [**-rand** _files_] [**-writerand**
       _file_] [**-provider** _name_] [**-provider-path** _path_] [**-propquery** _propq_] [_numbits_]

## DESCRIPTION
       This command is used to manipulate DH parameter files.

       See "EXAMPLES" in [**openssl-genpkey**(1)](https://www.chedong.com/phpMan.php/man/openssl-genpkey/1/markdown) for examples on how to generate a key using a named safe
       prime group without generating intermediate parameters.

## OPTIONS
### -help
           Print out a usage message.

### -inform -outform
           The input format and output format; the default is **PEM**.  The object is compatible with
           the PKCS#3 **DHparameter** structure.  See [**openssl-format-options**(1)](https://www.chedong.com/phpMan.php/man/openssl-format-options/1/markdown) for details.

### -in
           This specifies the input filename to read parameters from or standard input if this
           option is not specified.

### -out
           This specifies the output filename parameters to. Standard output is used if this option
           is not present. The output filename should **not** be the same as the input filename.

### -dsaparam
           If this option is used, DSA rather than DH parameters are read or created; they are
           converted to DH format.  Otherwise, "strong" primes (such that (p-1)/2 is also prime)
           will be used for DH parameter generation.

           DH parameter generation with the **-dsaparam** option is much faster, and the recommended
           exponent length is shorter, which makes DH key exchange more efficient.  Beware that with
           such DSA-style DH parameters, a fresh DH key should be created for each use to avoid
           small-subgroup attacks that may be possible otherwise.

### -check
           Performs numerous checks to see if the supplied parameters are valid and displays a
           warning if not.

### -2 -3 -5
           The generator to use, either 2, 3 or 5. If present then the input file is ignored and
           parameters are generated instead. If not present but _numbits_ is present, parameters are
           generated with the default generator 2.

       _numbits_
           This option specifies that a parameter set should be generated of size _numbits_. It must
           be the last option. If this option is present then the input file is ignored and
           parameters are generated instead. If this option is not present but a generator (**-2**, **-3**
           or **-5**) is present, parameters are generated with a default length of 2048 bits.  The
           minimim length is 512 bits. The maximum length is 10000 bits.

### -noout
           This option inhibits the output of the encoded version of the parameters.

### -text
           This option prints out the DH parameters in human readable form.

### -engine
           See "Engine Options" in [**openssl**(1)](https://www.chedong.com/phpMan.php/man/openssl/1/markdown).  This option is deprecated.

### -rand -writerand
           See "Random State Options" in [**openssl**(1)](https://www.chedong.com/phpMan.php/man/openssl/1/markdown) for details.

### -provider
### -provider-path
### -propquery
           See "Provider Options" in [**openssl**(1)](https://www.chedong.com/phpMan.php/man/openssl/1/markdown), [**provider**(7)](https://www.chedong.com/phpMan.php/man/provider/7/markdown), and [**property**(7)](https://www.chedong.com/phpMan.php/man/property/7/markdown).

## NOTES
       This command replaces the **dh** and **gendh** commands of previous releases.

## SEE ALSO
       [**openssl**(1)](https://www.chedong.com/phpMan.php/man/openssl/1/markdown), [**openssl-pkeyparam**(1)](https://www.chedong.com/phpMan.php/man/openssl-pkeyparam/1/markdown), [**openssl-dsaparam**(1)](https://www.chedong.com/phpMan.php/man/openssl-dsaparam/1/markdown), [**openssl-genpkey**(1)](https://www.chedong.com/phpMan.php/man/openssl-genpkey/1/markdown).

## HISTORY
       The **-engine** option was deprecated in OpenSSL 3.0.

       The **-C** option was removed in OpenSSL 3.0.

## COPYRIGHT
       Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use this file except in
       compliance with the License.  You can obtain a copy in the file LICENSE in the source
       distribution or at <<https://www.openssl.org/source/license.html>>.



3.0.2                                        2026-06-02                        [OPENSSL-DHPARAM(1SSL)](https://www.chedong.com/phpMan.php/man/OPENSSL-DHPARAM/1SSL/markdown)