author | Dr. Stephen Henson <steve@openssl.org> | 2016-03-01 16:29:47 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-03-03 16:07:25 +0000 |
commit | 924ec89a2499ad18009412c6688b02452735a858 (patch) | |
tree | 872ea98de4bd6352d90f93745703a03c6c391492 /doc/apps | |
parent | 8185e649f8faf04ad0e1896e8b1c1702d3509088 (diff) |
Add KDF support to pkeyutl. Update documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'doc/apps')
-rw-r--r-- | doc/apps/pkeyutl.pod | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod index a2da2558f6..0426009094 100644 --- a/doc/apps/pkeyutl.pod +++ b/doc/apps/pkeyutl.pod @@ -25,6 +25,8 @@ B<openssl> B<pkeyutl> [B<-encrypt>] [B<-decrypt>] [B<-derive>] +[B<-kdf algorithm>] +[B<-kdflen length>] [B<-pkeyopt opt:value>] [B<-hexdump>] [B<-asn1parse>] @@ -119,6 +121,15 @@ decrypt the input data using a private key. derive a shared secret using the peer key. +=item B<-kdf algorithm> + +Use key derivation function B<algorithm>. Note: additional paramers +will normally have to be set and the KDF output length for this to work. + +=item B<-kdflen length> + +Set the ouput length for KDF. + =item B<-pkeyopt opt:value> Public key options specified as opt:value. See NOTES below for more details. @@ -249,6 +260,12 @@ Derive a shared secret value: openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret +Hexdump 48 bytes of TLS1 PRF using digest B<SHA256> and shared secret and +seed consisting of the single byte 0xFF. + + openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \ + -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump + =head1 SEE ALSO L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)> |
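Review bot: In the @@ -25,6 +25,8 @@ synopsis hunk, [B<-kdf algorithm>] is listed directly after [B<-derive>], but nothing in the patch says whether -kdf is an operation in its own right or a modifier of -derive. The example added further down runs -kdf with neither -derive nor -inkey, so the option description should say explicitly that it can be used standalone and whether it may be combined with the other operations.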
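Review bot: In the @@ -119,6 +121,15 @@ hunk, the =item B<-kdf algorithm> text misspells "parameters" as "paramers", and its sentence "additional paramers will normally have to be set and the KDF output length for this to work" is hard to parse. Suggest "Note: additional parameters and the KDF output length will normally have to be set for this to work", naming -pkeyopt and -kdflen as the options that set them. The =item B<-kdflen length> text has "ouput" for "output" and gives no unit; the example added in this patch uses -kdflen 48 for 48 bytes, so say "in bytes".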
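Review bot: In the @@ -249,6 +260,12 @@ examples hunk, the description "using digest B<SHA256> and shared secret and seed consisting of the single byte 0xFF" is ambiguous about what is 0xFF; suggest "with digest B<SHA256> and with both the secret and the seed set to the single byte 0xFF". The md, hexsecret and hexseed options passed through -pkeyopt are not described in any visible hunk, and the -pkeyopt entry only points to NOTES, so either document them there or reference the page that does. It is also worth a sentence noting that a secret supplied as -pkeyopt hexsecret:... sits on the command line and can show up in process listings and shell history.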