mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-27 06:21:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
3c49e4ff51
openssl/doc/man7/EVP_PKEY-X25519.pod

116 lines
2.9 KiB
Plaintext
Raw Normal View History

DOC: Refactor provider-keymgmt(7) to give the keytypes their own pages Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11546)
2020-04-15 01:06:12 +08:00
=pod
=head1 NAME
EVP_PKEY-X25519, EVP_PKEY-X448, EVP_PKEY-ED25519, EVP_PKEY-ED448,
EVP_KEYMGMT-X25519, EVP_KEYMGMT-X448, EVP_KEYMGMT-ED25519, EVP_KEYMGMT-ED448
- EVP_PKEY X25519, X448, ED25519 and ED448 keytype and algorithm support
=head1 DESCRIPTION
The B<X25519>, B<X448>, B<ED25519> and B<ED448> keytypes are
doc: remove deprecation notes for apps that are staying. The apps that are staying are: dhparam, dsa, dsaparam, ec, ecparam, gendsa and rsa. The rsautl app remains deprecated. The -dsaparam option to dhparam also remains deprecated. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11575)
2020-04-20 15:22:41 +08:00
implemented in OpenSSL's default and FIPS providers. These implementations
support the associated key, containing the public key I<pub> and the
private key I<priv>.
In the FIPS provider they are non-approved algorithms and do not have the
"fips=yes" property set.
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
No additional parameters can be set during key generation.
DOC: Refactor provider-keymgmt(7) to give the keytypes their own pages Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11546)
2020-04-15 01:06:12 +08:00
=head2 Common X25519, X448, ED25519 and ED448 parameters
doc: remove deprecation notes for apps that are staying. The apps that are staying are: dhparam, dsa, dsaparam, ec, ecparam, gendsa and rsa. The rsautl app remains deprecated. The -dsaparam option to dhparam also remains deprecated. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11575)
2020-04-20 15:22:41 +08:00
In addition to the common parameters that all keytypes should support (see
L<provider-keymgmt(7)/Common parameters>), the implementation of these keytypes
support the following.
DOC: Refactor provider-keymgmt(7) to give the keytypes their own pages Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11546)
2020-04-15 01:06:12 +08:00
=over 4
=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <octet string>
The public key value.
=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>
The private key value.
Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys EVP_PKEY_[get1|set1]_tls_encodedpoint() only worked if an ameth was present which isn't the case for provided keys. Support has been added to dh, ec and ecx keys. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11898)
2020-05-20 23:20:27 +08:00
=item "tls-encoded-pt" (B<OSSL_PKEY_PARAM_TLS_ENCODED_PT>) <octet string>
Used for getting and setting the encoding of the public key used in a key exchange
message for the TLS protocol.
DOC: Refactor provider-keymgmt(7) to give the keytypes their own pages Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11546)
2020-04-15 01:06:12 +08:00
=back
PROV: Ensure that ED25519 & ED448 keys have a mandatory digest This adds handling of the parameter "mandatory-digest" and responds with an empty string, meaning that no digest may be used. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11576)
2020-04-20 15:29:47 +08:00
=head2 ED25519 and ED448 parameters
=over 4
=item "mandatory-digest" (B<OSSL_PKEY_PARAM_MANDATORY_DIGEST>) <utf8 string>
The empty string, signifying that no digest may be specified.
=back
DOC: Refactor provider-keymgmt(7) to give the keytypes their own pages Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11546)
2020-04-15 01:06:12 +08:00
=head1 CONFORMING TO
=over 4
=item RFC 8032
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
=item RFC 8410
DOC: Refactor provider-keymgmt(7) to give the keytypes their own pages Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11546)
2020-04-15 01:06:12 +08:00
=back
=head1 EXAMPLES
An B<EVP_PKEY> context can be obtained by calling:
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "X448", NULL);
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL);
An B<ED25519> key can be generated like this:
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
An B<X25519> key can be generated in a similar way:
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
=head1 SEE ALSO
L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>,
L<EVP_KEYEXCH-X25519(7)>, L<EVP_KEYEXCH-X448(7)>,
L<EVP_SIGNATURE-ED25519(7)>, L<EVP_SIGNATURE-ED448(7)>
=head1 COPYRIGHT
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
Reference in New Issue Copy Permalink