summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
13735cf)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/5481)
otherwise someone would have to type in the password every time the
server needs to access the key.
otherwise someone would have to type in the password every time the
server needs to access the key.
-For X25519, it's treated as a distinct algorithm but not as one of
+For X25519 and X448, it's treated as a distinct algorithm but not as one of
the curves listed with 'ecparam -list_curves' option. You can use
the following command to generate an X25519 key:
the curves listed with 'ecparam -list_curves' option. You can use
the following command to generate an X25519 key:
-=head1 X25519 KEY GENERATION OPTIONS
-
-The X25519 algorithm does not currently support any key generation options.
+=head1 X25519 and X448 KEY GENERATION OPTIONS
+The X25519 and X448 algorithms do not currently support any key generation
+options.
additional options other than B<digest>. Only the SHA1 digest can be used and
this digest is assumed by default.
additional options other than B<digest>. Only the SHA1 digest can be used and
this digest is assumed by default.
+=head1 X25519 and X448 ALGORITHMS
-The X25519 algorithm supports key derivation only. Currently there are no
-additional options.
+The X25519 and X448 algorithms support key derivation only. Currently there are
+no additional options.
-Ed25519 - EVP_PKEY Ed25519 support
+Ed25519,
+Ed448
+- EVP_PKEY Ed25519 and Ed448 support
-The B<Ed25519> EVP_PKEY implementation supports key generation, one shot
-digest sign and digest verify using PureEdDSA and B<Ed25519> (see RFC8032).
-It has associated private and public key formats compatible with
+The B<Ed25519> and B<Ed448> EVP_PKEY implementation supports key generation,
+one-shot digest sign and digest verify using PureEdDSA and B<Ed25519> or B<Ed448>
+(see RFC8032). It has associated private and public key formats compatible with
draft-ietf-curdle-pkix-04.
draft-ietf-curdle-pkix-04.
-No additional parameters can be set during key generation one shot signing or
+No additional parameters can be set during key generation one-shot signing or
verification. In particular, because PureEdDSA is used, when signing or
verifying a digest must B<NOT> be specified.
verification. In particular, because PureEdDSA is used, when signing or
verifying a digest must B<NOT> be specified.
The PureEdDSA algorithm does not support the streaming mechanism
of other signature algorithms using, for example, EVP_DigestUpdate().
The PureEdDSA algorithm does not support the streaming mechanism
of other signature algorithms using, for example, EVP_DigestUpdate().
-The message to sign or verify must be passed using the one shot
+The message to sign or verify must be passed using the one-shot
EVP_DigestSign() asn EVP_DigestVerify() functions.
When calling EVP_DigestSignInit() or EVP_DigestSignUpdate() the
digest parameter B<MUST> be set to B<NULL>.
Applications wishing to sign certificates (or other structures such as
EVP_DigestSign() asn EVP_DigestVerify() functions.
When calling EVP_DigestSignInit() or EVP_DigestSignUpdate() the
digest parameter B<MUST> be set to B<NULL>.
Applications wishing to sign certificates (or other structures such as
-CRLs or certificate requests) using Ed25519 can either use X509_sign()
+CRLs or certificate requests) using Ed25519 or Ed448 can either use X509_sign()
or X509_sign_ctx() in the usual way.
A context for the B<Ed25519> algorithm can be obtained by calling:
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
or X509_sign_ctx() in the usual way.
A context for the B<Ed25519> algorithm can be obtained by calling:
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);
+For the B<Ed448> algorithm a context can be obtained by calling:
+
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL);
+
=head1 EXAMPLE
This example generates an B<ED25519> private key and writes it to standard
=head1 EXAMPLE
This example generates an B<ED25519> private key and writes it to standard
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
-X25519 - EVP_PKEY X25519 support
+X25519,
+X448
+- EVP_PKEY X25519 and X448 support
-The B<X25519> EVP_PKEY implementation supports key generation and key
-derivation using B<X25519>. It has associated private and public key formats
-compatible with draft-ietf-curdle-pkix-03.
+The B<X25519> and B<X448> EVP_PKEY implementation supports key generation and
+key derivation using B<X25519> and B<X448>. It has associated private and public
+key formats compatible with draft-ietf-curdle-pkix-03.
No additional parameters can be set during key generation.
No additional parameters can be set during key generation.
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
+For the B<X448> algorithm a context can be obtained by calling:
+
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL);
+
=head1 EXAMPLE
This example generates an B<X25519> private key and writes it to standard
=head1 EXAMPLE
This example generates an B<X25519> private key and writes it to standard
PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
The key derivation example in L<EVP_PKEY_derive(3)> can be used with
PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
The key derivation example in L<EVP_PKEY_derive(3)> can be used with
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy