[B<-encrypt>]
[B<-decrypt>]
[B<-derive>]
+[B<-kdf algorithm>]
+[B<-kdflen length>]
[B<-pkeyopt opt:value>]
[B<-hexdump>]
[B<-asn1parse>]
=item B<-pubin>
-the input file is a public key.
+the input file is a public key.
=item B<-certin>
-the input is a certificate containing a public key.
+the input is a certificate containing a public key.
=item B<-rev>
derive a shared secret using the peer key.
+=item B<-kdf algorithm>
+
+Use key derivation function B<algorithm>. The supported algorithms are
+at present B<TLS1-PRF> and B<HKDF>.
+Note: additional parameters and the KDF output length will normally have to be
+set for this to work. See L<EVP_PKEY_HKDF(3)> and L<EVP_PKEY_TLS1_PRF(3)>
+for the supported string parameters of each algorithm.
+
+=item B<-kdflen length>
+
+Set the output length for KDF.
+
=item B<-pkeyopt opt:value>
Public key options specified as opt:value. See NOTES below for more details.
When used with the B<-engine> option, it specifies to also use
engine B<id> for crypto operations.
-
=back
=head1 NOTES
PKCS#1 padding, B<sslv23> for SSLv23 padding, B<none> for no padding, B<oaep>
for B<OAEP> mode, B<x931> for X9.31 mode and B<pss> for PSS.
-In PKCS#1 padding if the message digest is not set then the supplied data is
+In PKCS#1 padding if the message digest is not set then the supplied data is
signed or verified directly instead of using a B<DigestInfo> structure. If a
digest is set then the a B<DigestInfo> structure is used and its the length
must correspond to the digest type.
additional options other than B<digest>. Only the SHA1 digest can be used and
this digest is assumed by default.
+=head1 X25519 ALGORITHM
+
+The X25519 algorithm supports key derivation only. Currently there are no
+additional options.
+
=head1 EXAMPLES
Sign some data using a private key:
openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret
+Hexdump 48 bytes of TLS1 PRF using digest B<SHA256> and shared secret and
+seed consisting of the single byte 0xFF:
+
+ openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \
+ -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump
+
=head1 SEE ALSO
L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
-L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>
+L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>,
+L<EVP_PKEY_HKDF(3)>, L<EVP_PKEY_TLS1_PRF(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut