Skip to content

Commit

Permalink
openssl-kdf.pod.in: add text on 'salt' and 'info' parameters; small f…
Browse files Browse the repository at this point in the history 
…urther improvements

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from #21469)
  • Loading branch information
@DDvO @paulidale
DDvO authored and paulidale committed Jul 19, 2023
1 parent 61c8146 commit 7b2a3a1
Showing 1 changed file with 32 additions and 7 deletions.
39 changes: 32 additions & 7 deletions doc/man1/openssl-kdf.pod.in
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,8 +66,7 @@ cases.
=item B<-kdfopt> I<nm>:I<v>

Passes options to the KDF algorithm.
A comprehensive list of parameters can be found in the EVP_KDF_CTX
implementation documentation.
A comprehensive list of parameters can be found in L<EVP_KDF(3)/PARAMETERS>.
Common parameter names used by EVP_KDF_CTX_set_params() are:

=over 4
Expand All @@ -81,9 +80,8 @@ A key must be specified for most KDF algorithms.

=item B<hexkey:>I<string>

Specifies the secret key in hexadecimal form (two hex digits per byte).
The key length must conform to any restrictions of the KDF algorithm.
A key must be specified for most KDF algorithms.
Alternative to the B<key:> option where
the secret key is specified in hexadecimal form (two hex digits per byte).

=item B<pass:>I<string>

Expand All @@ -93,8 +91,35 @@ The password must be specified for PBKDF2 and scrypt.

=item B<hexpass:>I<string>

Specifies the password in hexadecimal form (two hex digits per byte).
The password must be specified for PBKDF2 and scrypt.
Alternative to the B<pass:> option where
the password is specified in hexadecimal form (two hex digits per byte).

=item B<salt:>I<string>

Specifies a non-secret unique cryptographic salt as an alphanumeric string
(use if it contains printable characters only).
The length must conform to any restrictions of the KDF algorithm.
A salt parameter is required for several KDF algorithms,
such as L<EVP_KDF-PBKDF2(7)>.

=item B<hexsalt:>I<string>

Alternative to the B<salt:> option where
the salt is specified in hexadecimal form (two hex digits per byte).

=item B<info:>I<string>

Some KDF implementations, such as L<EVP_KDF-HKDF(7)>, take an 'info' parameter
for binding the derived key material
to application- and context-specific information.
Specifies the info, fixed info, other info or shared info argument
as an alphanumeric string (use if it contains printable characters only).
The length must conform to any restrictions of the KDF algorithm.

=item B<hexinfo:>I<string>

Alternative to the B<info:> option where
the info is specified in hexadecimal form (two hex digits per byte).

=item B<digest:>I<string>

Expand Down

0 comments on commit 7b2a3a1

Please sign in to comment.