X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=doc%2Fman1%2Fpkeyutl.pod;h=033360f482b0f6b1133ea39d2176aa45096e66af;hb=6a6d9ecd1dff669c162e8ab940dac5db2e82679d;hp=c566f6d892c31d892266506dc1d4874f45f0814a;hpb=a7cef52f9b961dcb1e5d0c3b75185a12a88ad2db;p=openssl.git diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod index c566f6d892..033360f482 100644 --- a/doc/man1/pkeyutl.pod +++ b/doc/man1/pkeyutl.pod @@ -62,7 +62,7 @@ if this option is not specified. This indicates that the input data is raw data, which is not hashed by any message digest algorithm. The user can specify a digest algorithm by using the B<-digest> option. This option can only be used with B<-sign> and -B<-verify>. +B<-verify> and must be used with the Ed25519 and Ed448 algorithms. =item B<-digest algorithm> @@ -216,21 +216,18 @@ hash the input data. It is used (by some algorithms) for sanity-checking the lengths of data passed in to the B and for creating the structures that make up the signature (e.g. B in RSASSA PKCS#1 v1.5 signatures). -This utility does not hash the input data but rather it will use the data -directly as input to the signature algorithm. Depending on the key type, -signature type, and mode of padding, the maximum acceptable lengths of input -data differ. The signed data can't be longer than the key modulus with RSA. In -case of ECDSA and DSA the data shouldn't be longer than the field -size, otherwise it will be silently truncated to the field size. In any event -the input size must not be larger than the largest supported digest size. +This utility does not hash the input data (except where -rawin is used) but +rather it will use the data directly as input to the signature algorithm. +Depending on the key type, signature type, and mode of padding, the maximum +acceptable lengths of input data differ. The signed data can't be longer than +the key modulus with RSA. In case of ECDSA and DSA the data shouldn't be longer +than the field size, otherwise it will be silently truncated to the field size. +In any event the input size must not be larger than the largest supported digest +size. In other words, if the value of digest is B the input should be the 20 bytes long binary encoding of the SHA-1 hash function output. -The Ed25519 and Ed448 signature algorithms are not supported by this utility. -They accept non-hashed input, but this utility can only be used to sign hashed -input. - =head1 RSA ALGORITHM The RSA algorithm generally supports the encrypt, decrypt, sign, @@ -299,26 +296,37 @@ value less than the minimum restriction. =head1 DSA ALGORITHM The DSA algorithm supports signing and verification operations only. Currently -there are no additional options other than B. Only the SHA1 -digest can be used and this digest is assumed by default. +there are no additional B<-pkeyopt> options other than B. The SHA1 +digest is assumed by default. =head1 DH ALGORITHM The DH algorithm only supports the derivation operation and no additional -options. +B<-pkeyopt> options. =head1 EC ALGORITHM The EC algorithm supports sign, verify and derive operations. The sign and -verify operations use ECDSA and derive uses ECDH. Currently there are no -additional options other than B. Only the SHA1 digest can be used and -this digest is assumed by default. +verify operations use ECDSA and derive uses ECDH. SHA1 is assumed by default for +the B<-pkeyopt> B option. =head1 X25519 and X448 ALGORITHMS The X25519 and X448 algorithms support key derivation only. Currently there are no additional options. +=head1 Ed25519 and Ed448 ALGORITHMS + +These algorithms only support signing and verifying. OpenSSL only implements the +"pure" variants of these algorithms so raw data can be passed directly to them +without hashing them first. The option "-rawin" must be used with these +algorithms with no "-digest" specified. Additionally OpenSSL only supports +"oneshot" operation with these algorithms. This means that the entire file to +be signed/verified must be read into memory before processing it. Signing or +Verifying very large files should be avoided. Additionally the size of the file +must be known for this to work. If the size of the file cannot be determined +(for example if the input is stdin) then the sign or verify operation will fail. + =head1 SM2 The SM2 algorithm supports sign, verify, encrypt and decrypt operations. For