What do I get?
Send an empty (no parameters) POST request, and get a unique, 4096-bit, PEM-encoded set of Diffie-Hellman parameters, and nothing else:
$ curl -sSX POST https://dhfountain.irl.fyi/issue
-----BEGIN DH PARAMETERS-----
...
-----END DH PARAMETERS-----
If the fountain is empty, it will return HTTP status code 503. If the fountain is broken, it will return 500. If the fountain has gone missing, it will return 404.
Check the issued dhparam before use:
$ openssl dhparam -check -in mysite.dhparam
DH parameters appear to be ok.
-----BEGIN DH PARAMETERS-----
...
This should return an exit code of 0 for success, and non-zero otherwise.
Terms & Conditions?
This service is offered free of charge, and without warranty of any kind. Despite our best effort, the fountain may run dry or be unavailable. The server could catch on fire, or we might get hit by a bus or forget to pay the internet bill. That's how life goes. You agree to roll with it.
You are free to use this service as a once-off, or to integrate it into your automated systems.
We keep minimal, anonymized logs of issuances only. No other logs are kept. There are currently no rate or request limits.
I'm writing an automated...
You may want to utilize our testing endpoint while writing your code:
curl -sSX POST https://dhfountain.irl.fyi/test-issue
And the simulated failure endpoint (fountain empty):
curl -sSX POST https://dhfountain.irl.fyi/fail-issue
We prefer you test your code this way to prevent accidentally draining the fountain.
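One way to combine the status codes and the check step above in an automated client. This is an added example, not code from the service: the function name and its return codes are this sketch's own, and it assumes a successful issuance answers with HTTP 200 (the page lists only the failure codes).

```shell
#!/bin/sh
# Added example; function name and return codes are this sketch's own.
# fetch_dhparam URL DEST
#   0  = parameters verified and installed at DEST
#   75 = fountain empty (HTTP 503), retry later
#   1  = any other failure; DEST is left untouched
fetch_dhparam() {
    dh_url=$1
    dh_dest=$2
    # Temp file beside DEST so the final mv is an atomic rename.
    dh_tmp=$(mktemp "${dh_dest}.XXXXXX") || return 1
    # Body goes to the temp file; only the HTTP status reaches stdout.
    dh_status=$(curl -sS -X POST -o "$dh_tmp" -w '%{http_code}' "$dh_url") || {
        rm -f "$dh_tmp"; return 1; }
    case $dh_status in
        200) ;;   # assumption: success is 200; the page lists only failures
        503) rm -f "$dh_tmp"; echo "fountain empty, retry later" >&2; return 75 ;;
        *)   rm -f "$dh_tmp"; echo "issue failed: HTTP $dh_status" >&2; return 1 ;;
    esac
    # Require exit status 0 and the success message, so an openssl build
    # that only prints warnings for bad input is not trusted.
    dh_msg=$(openssl dhparam -check -noout -in "$dh_tmp" 2>&1) || dh_msg=
    case $dh_msg in
        *"DH parameters appear to be ok"*) ;;
        *) rm -f "$dh_tmp"; echo "dhparam failed validation" >&2; return 1 ;;
    esac
    # DH parameters are public values, so world-readable is fine.
    chmod 644 "$dh_tmp" && mv -f "$dh_tmp" "$dh_dest" || {
        rm -f "$dh_tmp"; return 1; }
}

# Usage while developing (the test endpoint avoids draining the fountain):
#   fetch_dhparam https://dhfountain.irl.fyi/test-issue ./mysite.dhparam
```

A caller can treat return code 75 as "keep the current parameters and try again later", since the existing file is never overwritten on failure.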
Prior Art
This service is not a new idea. We remember, but cannot now find, services similar or identical to ours. Send us email if you have some links or information we can post here.
updated March 2021 by kg
You should send us email and say hello.