[thirdparty/openssl.git] / doc / man7 / EVP_PKEY-X25519.pod

=pod

=head1 NAME

EVP_PKEY-X25519, EVP_PKEY-X448, EVP_PKEY-ED25519, EVP_PKEY-ED448,
EVP_KEYMGMT-X25519, EVP_KEYMGMT-X448, EVP_KEYMGMT-ED25519, EVP_KEYMGMT-ED448
- EVP_PKEY X25519, X448, ED25519 and ED448 keytype and algorithm support

=head1 DESCRIPTION

The B<X25519>, B<X448>, B<ED25519> and B<ED448> keytypes are
implemented in OpenSSL's default and FIPS providers.  These implementations
support the associated key, containing the public key I<pub> and the
private key I<priv>.

In the FIPS provider they are non-approved algorithms and do not have the
"fips=yes" property set.
No additional parameters can be set during key generation.


=head2 Common X25519, X448, ED25519 and ED448 parameters

In addition to the common parameters that all keytypes should support (see
L<provider-keymgmt(7)/Common parameters>), the implementation of these keytypes
support the following.

=over 4

=item "group" (B<OSSL_PKEY_PARAM_GROUP_NAME>) <UTF8 string>

This is only supported by X25519 and X448. The group name must be "x25519" or
"x448" respectively for those algorithms. This is only present for consistency
with other key exchange algorithms and is typically not needed.

=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <octet string>

The public key value.

=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>

The private key value.

=item "encoded-pub-key" (B<OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY>) <octet string>

Used for getting and setting the encoding of a public key for the B<X25519> and
B<X448> key types. Public keys are expected be encoded in a format as defined by
RFC7748.

=back

=head2 ED25519 and ED448 parameters

=over 4

=item "mandatory-digest" (B<OSSL_PKEY_PARAM_MANDATORY_DIGEST>) <UTF8 string>

The empty string, signifying that no digest may be specified.

=back

=head1 CONFORMING TO

=over 4

=item RFC 8032

=item RFC 8410

=back

=head1 EXAMPLES

An B<EVP_PKEY> context can be obtained by calling:

    EVP_PKEY_CTX *pctx =
        EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);

    EVP_PKEY_CTX *pctx =
        EVP_PKEY_CTX_new_from_name(NULL, "X448", NULL);

    EVP_PKEY_CTX *pctx =
        EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);

    EVP_PKEY_CTX *pctx =
        EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL);

An B<X25519> key can be generated like this:

    pkey = EVP_Q_keygen(NULL, NULL, "X25519");

An B<X448>, B<ED25519>, or B<ED448> key can be generated likewise.

=head1 SEE ALSO

L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>,
L<EVP_KEYEXCH-X25519(7)>, L<EVP_KEYEXCH-X448(7)>,
L<EVP_SIGNATURE-ED25519(7)>, L<EVP_SIGNATURE-ED448(7)>

=head1 COPYRIGHT

Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
33df1cfd RL	1	=pod
	2
	3	=head1 NAME
	4
	5	EVP_PKEY-X25519, EVP_PKEY-X448, EVP_PKEY-ED25519, EVP_PKEY-ED448,
	6	EVP_KEYMGMT-X25519, EVP_KEYMGMT-X448, EVP_KEYMGMT-ED25519, EVP_KEYMGMT-ED448
	7	- EVP_PKEY X25519, X448, ED25519 and ED448 keytype and algorithm support
	8
	9	=head1 DESCRIPTION
	10
	11	The B<X25519>, B<X448>, B<ED25519> and B<ED448> keytypes are
8c30dfee P	12	implemented in OpenSSL's default and FIPS providers. These implementations
	13	support the associated key, containing the public key I<pub> and the
	14	private key I<priv>.
	15
	16	In the FIPS provider they are non-approved algorithms and do not have the
	17	"fips=yes" property set.
b8086652 SL	18	No additional parameters can be set during key generation.
b8086652 SL	19
33df1cfd RL	20
	21	=head2 Common X25519, X448, ED25519 and ED448 parameters
	22
8c30dfee P	23	In addition to the common parameters that all keytypes should support (see
	24	L<provider-keymgmt(7)/Common parameters>), the implementation of these keytypes
	25	support the following.
33df1cfd RL	26
	27	=over 4
	28
90929138 MC	29	=item "group" (B<OSSL_PKEY_PARAM_GROUP_NAME>) <UTF8 string>
	30
	31	This is only supported by X25519 and X448. The group name must be "x25519" or
8c1cbc72	32	"x448" respectively for those algorithms. This is only present for consistency
90929138 MC	33	with other key exchange algorithms and is typically not needed.
90929138 MC	34
33df1cfd RL	35	=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <octet string>
	36
	37	The public key value.
	38
	39	=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>
	40
	41	The private key value.
	42
5ac8fb58	43	=item "encoded-pub-key" (B<OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY>) <octet string>
6a9bd929	44
5ac8fb58 MC	45	Used for getting and setting the encoding of a public key for the B<X25519> and
	46	B<X448> key types. Public keys are expected be encoded in a format as defined by
	47	RFC7748.
6a9bd929	48
33df1cfd RL	49	=back
33df1cfd RL	50
1a7328c8 RL	51	=head2 ED25519 and ED448 parameters
	52
	53	=over 4
	54
c9f18e59	55	=item "mandatory-digest" (B<OSSL_PKEY_PARAM_MANDATORY_DIGEST>) <UTF8 string>
1a7328c8 RL	56
	57	The empty string, signifying that no digest may be specified.
	58
	59	=back
	60
33df1cfd RL	61	=head1 CONFORMING TO
	62
	63	=over 4
	64
	65	=item RFC 8032
	66
b8086652 SL	67	=item RFC 8410
b8086652 SL	68
33df1cfd RL	69	=back
	70
	71	=head1 EXAMPLES
	72
	73	An B<EVP_PKEY> context can be obtained by calling:
	74
	75	EVP_PKEY_CTX *pctx =
	76	EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
	77
	78	EVP_PKEY_CTX *pctx =
	79	EVP_PKEY_CTX_new_from_name(NULL, "X448", NULL);
	80
	81	EVP_PKEY_CTX *pctx =
	82	EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
	83
	84	EVP_PKEY_CTX *pctx =
	85	EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL);
	86
f9253152	87	An B<X25519> key can be generated like this:
33df1cfd	88
f9253152	89	pkey = EVP_Q_keygen(NULL, NULL, "X25519");
33df1cfd	90
f9253152	91	An B<X448>, B<ED25519>, or B<ED448> key can be generated likewise.
33df1cfd RL	92
	93	=head1 SEE ALSO
	94
	95	L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>,
	96	L<EVP_KEYEXCH-X25519(7)>, L<EVP_KEYEXCH-X448(7)>,
	97	L<EVP_SIGNATURE-ED25519(7)>, L<EVP_SIGNATURE-ED448(7)>
	98
	99	=head1 COPYRIGHT
	100
	101	Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
	102
	103	Licensed under the Apache License 2.0 (the "License"). You may not use
	104	this file except in compliance with the License. You can obtain a copy
	105	in the file LICENSE in the source distribution or at
	106	L<https://www.openssl.org/source/license.html>.
	107
	108	=cut