diff options
Diffstat (limited to 'upstream/archlinux/man7/EVP_SIGNATURE-ED25519.7ssl')
| -rw-r--r-- | upstream/archlinux/man7/EVP_SIGNATURE-ED25519.7ssl | 210 |
1 files changed, 210 insertions, 0 deletions
diff --git a/upstream/archlinux/man7/EVP_SIGNATURE-ED25519.7ssl b/upstream/archlinux/man7/EVP_SIGNATURE-ED25519.7ssl new file mode 100644 index 00000000..ac060ba3 --- /dev/null +++ b/upstream/archlinux/man7/EVP_SIGNATURE-ED25519.7ssl @@ -0,0 +1,210 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" ======================================================================== +.\" +.IX Title "EVP_SIGNATURE-ED25519 7ssl" +.TH EVP_SIGNATURE-ED25519 7ssl 2024-01-30 3.2.1 OpenSSL +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH NAME +EVP_SIGNATURE\-ED25519, +EVP_SIGNATURE\-ED448, +Ed25519, +Ed448 +\&\- EVP_PKEY Ed25519 and Ed448 support +.SH DESCRIPTION +.IX Header "DESCRIPTION" +The \fBEd25519\fR and \fBEd448\fR EVP_PKEY implementation supports key +generation, one-shot digest-sign and digest-verify using the EdDSA +signature scheme described in RFC 8032. It has associated private and +public key formats compatible with RFC 8410. +.SS "EdDSA Instances" +.IX Subsection "EdDSA Instances" +RFC 8032 describes five EdDSA instances: Ed25519, Ed25519ctx, +Ed25519ph, Ed448, Ed448ph. +.PP +The instances Ed25519, Ed25519ctx, Ed448 are referred to as \fBPureEdDSA\fR +schemes. For these three instances, the sign and verify procedures +require access to the complete message (not a digest of the message). +.PP +The instances Ed25519ph, Ed448ph are referred to as \fBHashEdDSA\fR +schemes. For these two instances, the sign and verify procedures do +not require access to the complete message; they operate on a hash of +the message. For Ed25519ph, the hash function is SHA512. For +Ed448ph, the hash function is SHAKE256 with an output length of 512 +bits. +.PP +The instances Ed25519ctx, Ed25519ph, Ed448, Ed448ph accept an optional +\&\fBcontext-string\fR as input to sign and verify operations (and for +Ed25519ctx, the context-string must be nonempty). For the Ed25519 +instance, a nonempty context-string is not permitted. +.SS "ED25519 and ED448 Signature Parameters" +.IX Subsection "ED25519 and ED448 Signature Parameters" +Two parameters can be set during signing or verification: the EdDSA +\&\fBinstance name\fR and the \fBcontext-string value\fR. They can be set by +passing an OSSL_PARAM array to \fBEVP_DigestSignInit_ex()\fR. +.IP \(bu 4 +"instance" (\fBOSSL_SIGNATURE_PARAM_INSTANCE\fR) <utf8 string> +.Sp +One of the five strings "Ed25519", "Ed25519ctx", "Ed25519ph", "Ed448", "Ed448ph". +.Sp +"Ed25519", "Ed25519ctx", "Ed25519ph" are valid only for an Ed25519 EVP_PKEY. +.Sp +"Ed448", "Ed448ph" are valid only for an Ed448 EVP_PKEY. +.IP \(bu 4 +"context-string" (\fBOSSL_SIGNATURE_PARAM_CONTEXT_STRING\fR) <octet string> +.Sp +A string of octets with length at most 255. +.PP +Both of these parameters are optional. +.PP +If the instance name is not specified, then the default "Ed25519" or +"Ed448" is used. +.PP +If a context-string is not specified, then an empty context-string is +used. +.PP +Note that a message digest name must \fBNOT\fR be specified when signing +or verifying. +.PP +See \fBEVP_PKEY\-X25519\fR\|(7) for information related to \fBX25519\fR and \fBX448\fR keys. +.PP +The following signature parameters can be retrieved using +\&\fBEVP_PKEY_CTX_get_params()\fR. +.IP \(bu 4 +"algorithm-id" (\fBOSSL_SIGNATURE_PARAM_ALGORITHM_ID\fR) <octet string> +.IP \(bu 4 +"instance" (\fBOSSL_SIGNATURE_PARAM_INSTANCE\fR) <utf8 string> +.IP \(bu 4 +"context-string" (\fBOSSL_SIGNATURE_PARAM_CONTEXT_STRING\fR) <octet string> +.PP +The parameters are described in \fBprovider\-signature\fR\|(7). +.SH NOTES +.IX Header "NOTES" +The PureEdDSA instances do not support the streaming mechanism of +other signature algorithms using, for example, \fBEVP_DigestUpdate()\fR. +The message to sign or verify must be passed using the one-shot +\&\fBEVP_DigestSign()\fR and \fBEVP_DigestVerify()\fR functions. +.PP +The HashEdDSA instances do not yet support the streaming mechanisms +(so the one-shot functions must be used with HashEdDSA as well). +.PP +When calling \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR, the +digest \fItype\fR parameter \fBMUST\fR be set to NULL. +.PP +Applications wishing to sign certificates (or other structures such as +CRLs or certificate requests) using Ed25519 or Ed448 can either use \fBX509_sign()\fR +or \fBX509_sign_ctx()\fR in the usual way. +.PP +Ed25519 or Ed448 private keys can be set directly using +\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file +using \fBPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. +.PP +Ed25519 or Ed448 public keys can be set directly using +\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo +structure in a PEM file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.PP +Ed25519 and Ed448 can be tested with the \fBopenssl\-speed\fR\|(1) application +since version 1.1.1. +Valid algorithm names are \fBed25519\fR, \fBed448\fR and \fBeddsa\fR. If \fBeddsa\fR is +specified, then both Ed25519 and Ed448 are benchmarked. +.SH EXAMPLES +.IX Header "EXAMPLES" +To sign a message using an ED25519 EVP_PKEY structure: +.PP +.Vb 5 +\& void do_sign(EVP_PKEY *ed_key, unsigned char *msg, size_t msg_len) +\& { +\& size_t sig_len; +\& unsigned char *sig = NULL; +\& EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); +\& +\& const OSSL_PARAM params[] = { +\& OSSL_PARAM_utf8_string ("instance", "Ed25519ctx", 10), +\& OSSL_PARAM_octet_string("context\-string", (unsigned char *)"A protocol defined context string", 33), +\& OSSL_PARAM_END +\& }; +\& +\& /* The input "params" is not needed if default options are acceptable. +\& Use NULL in place of "params" in that case. */ +\& EVP_DigestSignInit_ex(md_ctx, NULL, NULL, NULL, NULL, ed_key, params); +\& /* Calculate the required size for the signature by passing a NULL buffer. */ +\& EVP_DigestSign(md_ctx, NULL, &sig_len, msg, msg_len); +\& sig = OPENSSL_zalloc(sig_len); +\& +\& EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len); +\& ... +\& OPENSSL_free(sig); +\& EVP_MD_CTX_free(md_ctx); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY\-X25519\fR\|(7) +\&\fBprovider\-signature\fR\|(7), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestVerifyInit\fR\|(3), +.SH COPYRIGHT +.IX Header "COPYRIGHT" +Copyright 2017\-2023 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +<https://www.openssl.org/source/license.html>. |