What do the dots and pluses mean when OpenSSL generates keys?

Question

When OpenSSL generates keys you'll always see a series of periods/dots (.) and pluses (+).

openssl dhparam -text -noout -outform PEM -5 2048

............+........+...................................................................................................................................................................+..........................+......+......+..........................................................................................................................................................................................+....................................................................................................................................................................+..............................................................................................................................+.............................................................................................................................+.......+............................................................................................................................+..+.......................................................+....................................................................................................................................+..................................+...........................................................+...........................................................................................................................................................................................................................................................................................................+.+...................................................................................................+................................................................................................+.....+....+.................+.......................................................+.............................................................................................+...............................................................................................................................................................+................+....................................................+....................................................................................+...........................................................................................................................................................................................................................................................................................................................................................................................................................................................+.......................................................................+......................................................................................................................................................................................................................+............................................................+...........................................................................+.............................................................+.......................................+....................................................................................+............................................................................................................................................................+..................+...........................................................+.......................................................................................+.....................................................................................................................+...............................................................................................+.............................+.....................................+..................+...........................................................................................................+...........................................+...+.............................................................................................................................................................................+....................................................+............+.............................................................................................................................................................+.....................................+.....+.........................+...........................................................+..........................................................................................+............................................................................................................................................+.................................................+..........................................................................................+.......................+..........................................................................................+......................................................................................................................................................................................+.................................................................................................+...........................................................+.............................................................................................................................+......................+.............................................................................................................................+........................................+..........................................................................+..............................................+............................................................+...+.................................................................................+............................................+................+..........+.........+.....................................+...........................................+..........................................................................................................+........................................................................................................................................................................................................................................................................................................................................................+...........................................................................+..........................+..................................+...........................................................+................................................................................+..+.........................+..................................................................................................................................+........................+.......................................................+..........................................................................................+..........................................+.+...................................................+............................................................................................................+.........................................................................................................................................................................................................+.................................................................................................+....................+.......................................................................................................................+...............................+............................................................................+...............................+....................................................................................................................................................................................................................................................................................................................................................................................................................................+.........................................+.....................+........................................................................+.....................+..........+...............................................................+...........+...............................+....++*++*

What do they mean?

I too was curious so I opened up the code and did some poking around. I found this information by looking at the openssl source code under apps/dhparam.c static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) { char c = '*'; if (p == 0) c = '.'; if (p == 1) c = '+'; if (p == 2) c = '*'; if (p == 3) c = '\n'; ... Which is used to a callback to BN_GENCB_set(&cb, dh_cb, bio_err); Which is defined in crypto/bn/bn.h /* Macro to populate a BN_GENCB structure with a "new"-style callback */ # define BN_GENCB_set(gencb, callback, cb_arg) { \ BN_GENCB *tmp_gencb = (gencb); \ tmp_gencb->ver = 2; \ tmp_ — sverasch, Oct 15 '15 at 20:00

score 76 · Accepted Answer · edited Oct 10 '16 at 03:48

76

When computing DHPARAM you will get these as the output while computing Diffie Hellman parameters:

. : A potential prime number was generated.
+ : Number is being tested for primality.
* : A prime number was found.

References:

source code: dh_cb function in dhparam.c
man page: dhparam

edited Oct 10 '16 at 03:48

coderjoe

103
2

answered Sep 09 '13 at 06:19

Lucas Kauffman

54,229
17
113
196

I'm curious: where did you get this information? I don't doubt it's correct, but I haven't been able to find a manual page or other documentation about it. I did a Google search for `"A potential prime number was generated"` and found a blog that has the exact same verbatim information, so I assume it's quoted from *somewhere*, but I haven't found any official source (maybe source-code comments?). – apsillers Sep 09 '13 at 15:08
The source can be found here: https://github.com/openssl/openssl/blob/6f0ac0e2f27d9240516edb9a23b7863e7ad02898/apps/dhparam.c#L362 – coderjoe Oct 10 '16 at 01:34

score 22 · Answer 2 · edited May 17 '22 at 09:14

In the context of Diffie-Hellman parameter generation, . means a potential prime has been generated. + means one iteration of the Miller-Rabin primality test have been passed. * means a prime has been found that satisfies one iteration of the Miller-Rabin primality test.

Under default conditions, for generating a prime with at least 1300 bits, two iterations of the Miller-Rabin primality test are done. That's why you see ++*++* at the end. The first + means the prime p itself has passed one iteration of the Miller-Rabin primality test. The second + means the (p-1)/2 also has passed one iteration of the Miller-Rabin primality test. The first * indicates both p and (p-1)/2 has passed an iteration of the Miller-Rabin primality test.

Then both are retested again (since BN_prime_checks_for_size(2048) == 2 for two iterations), so you see ++* again.

Since p and (p-1)/2 passed both iterations of primality tests, the process stops and returns p.

So if you see one +, it means a candidate prime generated passed one iteration of the primality test but (p-1)/2 didn't. If you see ++* but not ++*++* it means both p and (p-1)/2 passed the first iteration of primality tests but one of them failed the second iteration (which in all likelihood, would never happen for 2048 bit keys and longer -- a cosmic ray flipping a bit during the calculation is more likely).

References:

man page: BN_GENCB_call
man page: BN_is_prime_fasttest_ex
source code: BN_generate_prime_ex
source code: BN_prime_checks_for_size

What do the dots and pluses mean when OpenSSL generates keys?

2 Answers2