123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122 |
- =pod
- =head1 NAME
- EVP_PKEY-X25519, EVP_PKEY-X448, EVP_PKEY-ED25519, EVP_PKEY-ED448,
- EVP_KEYMGMT-X25519, EVP_KEYMGMT-X448, EVP_KEYMGMT-ED25519, EVP_KEYMGMT-ED448
- - EVP_PKEY X25519, X448, ED25519 and ED448 keytype and algorithm support
- =head1 DESCRIPTION
- The B<X25519>, B<X448>, B<ED25519> and B<ED448> keytypes are
- implemented in OpenSSL's default and FIPS providers. These implementations
- support the associated key, containing the public key I<pub> and the
- private key I<priv>.
- In the FIPS provider they are non-approved algorithms and do not have the
- "fips=yes" property set.
- No additional parameters can be set during key generation.
- =head2 Common X25519, X448, ED25519 and ED448 parameters
- In addition to the common parameters that all keytypes should support (see
- L<provider-keymgmt(7)/Common parameters>), the implementation of these keytypes
- support the following.
- =over 4
- =item "group" (B<OSSL_PKEY_PARAM_GROUP_NAME>) <UTF8 string>
- This is only supported by X25519 and X448. The group name must be "x25519" or
- "x448" respectively for those algorithms. This is only present for consistency
- with other key exchange algorithms and is typically not needed.
- =item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <octet string>
- The public key value.
- =item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>
- The private key value.
- =item "encoded-pub-key" (B<OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY>) <octet string>
- Used for getting and setting the encoding of a public key for the B<X25519> and
- B<X448> key types. Public keys are expected be encoded in a format as defined by
- RFC7748.
- =back
- =head2 ED25519 and ED448 parameters
- =over 4
- =item "mandatory-digest" (B<OSSL_PKEY_PARAM_MANDATORY_DIGEST>) <utf8 string>
- The empty string, signifying that no digest may be specified.
- =back
- =head1 CONFORMING TO
- =over 4
- =item RFC 8032
- =item RFC 8410
- =back
- =head1 EXAMPLES
- An B<EVP_PKEY> context can be obtained by calling:
- EVP_PKEY_CTX *pctx =
- EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
- EVP_PKEY_CTX *pctx =
- EVP_PKEY_CTX_new_from_name(NULL, "X448", NULL);
- EVP_PKEY_CTX *pctx =
- EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
- EVP_PKEY_CTX *pctx =
- EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL);
- An B<ED25519> key can be generated like this:
- EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX *pctx =
- EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
- EVP_PKEY_keygen_init(pctx);
- EVP_PKEY_gen(pctx, &pkey);
- EVP_PKEY_CTX_free(pctx);
- An B<X25519> key can be generated in a similar way:
- EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX *pctx =
- EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
- EVP_PKEY_keygen_init(pctx);
- EVP_PKEY_gen(pctx, &pkey);
- EVP_PKEY_CTX_free(pctx);
- =head1 SEE ALSO
- L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>,
- L<EVP_KEYEXCH-X25519(7)>, L<EVP_KEYEXCH-X448(7)>,
- L<EVP_SIGNATURE-ED25519(7)>, L<EVP_SIGNATURE-ED448(7)>
- =head1 COPYRIGHT
- Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|