=head1 NAME
+openssl-pkeyutl,
pkeyutl - public key algorithm utility
=head1 SYNOPSIS
[B<-pkeyopt opt:value>]
[B<-hexdump>]
[B<-asn1parse>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-engine id>]
[B<-engine_impl>]
=item B<-out filename>
-specifies the output filename to write to or standard output by
+Specifies the output filename to write to or standard output by
default.
=item B<-sigfile file>
=item B<-inkey file>
-the input key file, by default it should be a private key.
+The input key file, by default it should be a private key.
=item B<-keyform PEM|DER|ENGINE>
-the key format PEM, DER or ENGINE. Default is PEM.
+The key format PEM, DER or ENGINE. Default is PEM.
=item B<-passin arg>
-
the input key password source. For more information about the format of B<arg>
+
The input key password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
-
=item B<-peerkey file>
-the peer key file, used by key derivation (agreement) operations.
+The peer key file, used by key derivation (agreement) operations.
=item B<-peerform PEM|DER|ENGINE>
-the peer key format PEM, DER or ENGINE. Default is PEM.
+The peer key format PEM, DER or ENGINE. Default is PEM.
=item B<-pubin>
-the input file is a public key.
+The input file is a public key.
=item B<-certin>
-the input is a certificate containing a public key.
+The input is a certificate containing a public key.
=item B<-rev>
-reverse the order of the input buffer. This is useful for some libraries
+Reverse the order of the input buffer. This is useful for some libraries
(such as CryptoAPI) which represent the buffer in little endian format.
=item B<-sign>
-sign the input data and output the signed result. This requires
+Sign the input data and output the signed result. This requires
a private key.
=item B<-verify>
-verify the input data against the signature file and indicate if the
+Verify the input data against the signature file and indicate if the
verification succeeded or failed.
=item B<-verifyrecover>
-verify the input data and output the recovered data.
+Verify the input data and output the recovered data.
=item B<-encrypt>
-encrypt the input data using a public key.
+Encrypt the input data using a public key.
=item B<-decrypt>
-decrypt the input data using a private key.
+Decrypt the input data using a private key.
=item B<-derive>
-derive a shared secret using the peer key.
+Derive a shared secret using the peer key.
=item B<-kdf algorithm>
=item B<-asn1parse>
-asn1parse the output data, this is useful when combined with the
+Parse the ASN.1 output data, this is useful when combined with the
B<-verifyrecover> option when an ASN1 structure is signed.
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-engine id>
-
specifying an engine (by its unique B<id> string) will cause B<pkeyutl>
+
Specifying an engine (by its unique B<id> string) will cause B<pkeyutl>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<rsa_pss_saltlen:len>
-For B<pss> mode only this option specifies the salt length. Two special values
-are supported: -1 sets the salt length to the digest length. When signing -2
-sets the salt length to the maximum permissible value. When verifying -2 causes
-the salt length to be automatically determined based on the B<PSS> block
-structure.
+For B<pss> mode only this option specifies the salt length. Three special
+values are supported: "digest" sets the salt length to the digest length,
+"max" sets the salt length to the maximum permissible value. When verifying
+"auto" causes the salt length to be automatically determined based on the
+B<PSS> block structure.
+
+=item B<rsa_mgf1_md:digest>
+
+For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not
+explicitly set in PSS mode then the signing digest is used.
+
+=back
+
+=head1 RSA-PSS ALGORITHM
+
+The RSA-PSS algorithm is a restricted version of the RSA algorithm which only
+supports the sign and verify operations with PSS padding. The following
+additional B<pkeyopt> values are supported:
+
+=over 4
+
+=item B<rsa_padding_mode:mode>, B<rsa_pss_saltlen:len>, B<rsa_mgf1_md:digest>
+
+These have the same meaning as the B<RSA> algorithm with some additional
+restrictions. The padding mode can only be set to B<pss> which is the
+default value.
+
+If the key has parameter restrictions than the digest, MGF1
+digest and salt length are set to the values specified in the parameters.
+The digest and MG cannot be changed and the salt length cannot be set to a
+value less than the minimum restriction.
=back
additional options other than B<digest>. Only the SHA1 digest can be used and
this digest is assumed by default.
-=head1 X25519 ALGORITHM
+=head1 X25519 and X448 ALGORITHMS
-The X25519 algorithm supports key derivation only. Currently there are no
-additional options.
+The X25519 and X448 algorithms support key derivation only. Currently there are
+no additional options.
=head1 EXAMPLES
=head1 COPYRIGHT
-Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
projects / openssl.git / blobdiff