author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-03-20 13:49:08 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-05-11 12:46:42 +0200 |
commit | f925315203f77d0241183ccabfc784d259b0a152 (patch) | |
tree | 2d92c75d7e19d48de1ed8da32b724b3603f5a3c6 /doc/man7 | |
parent | 6dbb277627de86578577185084378135605d2df1 (diff) |
Add convenience functions and macros for asymmetric key generation
Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid2name()
and improve deprecation info on RSA and EC key generation/management functions.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)
Diffstat (limited to 'doc/man7')
-rw-r--r-- | doc/man7/EVP_PKEY-DH.pod | 6 | ||||
-rw-r--r-- | doc/man7/EVP_PKEY-DSA.pod | 4 | ||||
-rw-r--r-- | doc/man7/EVP_PKEY-EC.pod | 9 | ||||
-rw-r--r-- | doc/man7/EVP_PKEY-RSA.pod | 12 | ||||
-rw-r--r-- | doc/man7/EVP_PKEY-X25519.pod | 20 | ||||
-rw-r--r-- | doc/man7/crypto.pod | 2 |
6 files changed, 24 insertions, 29 deletions
diff --git a/doc/man7/EVP_PKEY-DH.pod b/doc/man7/EVP_PKEY-DH.pod
index c5ba90ec8c..9da5d9c6ef 100644
--- a/doc/man7/EVP_PKEY-DH.pod
+++ b/doc/man7/EVP_PKEY-DH.pod
@@ -154,7 +154,7 @@ A B<DH> key can be generated with a named safe prime group by calling: EVP_PKEY_keygen_init(pctx); EVP_PKEY_CTX_set_params(pctx, params); - EVP_PKEY_gen(pctx, &pkey); + EVP_PKEY_generate(pctx, &pkey); ... EVP_PKEY_free(key); EVP_PKEY_CTX_free(pctx);
@@ -179,7 +179,7 @@ B<DHX> domain parameters can be generated according to B<FIPS 186-4> by calling: params[5] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(pctx, params); - EVP_PKEY_gen(pctx, ¶m_key); + EVP_PKEY_generate(pctx, ¶m_key); EVP_PKEY_print_params(bio_out, param_key, 0, NULL); ...
@@ -192,7 +192,7 @@ A B<DH> key can be generated using domain parameters by calling: EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL); EVP_PKEY_keygen_init(gctx); - EVP_PKEY_gen(gctx, &key); + EVP_PKEY_generate(gctx, &key); EVP_PKEY_print_private(bio_out, key, 0, NULL); ... EVP_PKEY_free(key);
diff --git a/doc/man7/EVP_PKEY-DSA.pod b/doc/man7/EVP_PKEY-DSA.pod
index 119d4b893a..6a335510d3 100644
--- a/doc/man7/EVP_PKEY-DSA.pod
+++ b/doc/man7/EVP_PKEY-DSA.pod
@@ -54,7 +54,7 @@ The B<DSA> domain parameters can be generated by calling: params[4] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(pctx, params); - EVP_PKEY_gen(pctx, ¶m_key); + EVP_PKEY_generate(pctx, ¶m_key); EVP_PKEY_CTX_free(pctx); EVP_PKEY_print_params(bio_out, param_key, 0, NULL);
@@ -66,7 +66,7 @@ A B<DSA> key can be generated using domain parameters by calling: gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL); EVP_PKEY_keygen_init(gctx); - EVP_PKEY_gen(gctx, &key); + EVP_PKEY_generate(gctx, &key); EVP_PKEY_CTX_free(gctx); EVP_PKEY_print_private(bio_out, key, 0, NULL);
diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod
index 839d18a894..6dfc1f16ae 100644
--- a/doc/man7/EVP_PKEY-EC.pod
+++ b/doc/man7/EVP_PKEY-EC.pod
@@ -159,6 +159,10 @@ An B<EVP_PKEY> context can be obtained by calling: An B<EVP_PKEY> ECDSA or ECDH key can be generated with a "P-256" named group by calling: + pkey = EVP_EC_gen("P-256"); + +or like this: + EVP_PKEY *key = NULL; OSSL_PARAM params[2]; EVP_PKEY_CTX *gctx =
@@ -171,7 +175,7 @@ calling: params[1] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(gctx, params); - EVP_PKEY_gen(gctx, &key); + EVP_PKEY_generate(gctx, &key); EVP_PKEY_print_private(bio_out, key, 0, NULL); ...
@@ -201,7 +205,7 @@ An B<EVP_PKEY> EC CDH (Cofactor Diffie-Hellman) key can be generated with a params[2] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(gctx, params); - EVP_PKEY_gen(gctx, &key); + EVP_PKEY_generate(gctx, &key); EVP_PKEY_print_private(bio_out, key, 0, NULL); ... EVP_PKEY_free(key);
@@ -209,6 +213,7 @@ An B<EVP_PKEY> EC CDH (Cofactor Diffie-Hellman) key can be generated with a =head1 SEE ALSO +L<EVP_EC_gen(3)>, L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>,
diff --git a/doc/man7/EVP_PKEY-RSA.pod b/doc/man7/EVP_PKEY-RSA.pod
index 428aa613a2..ec1e5777d7 100644
--- a/doc/man7/EVP_PKEY-RSA.pod
+++ b/doc/man7/EVP_PKEY-RSA.pod
@@ -202,14 +202,18 @@ An B<EVP_PKEY> context can be obtained by calling: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); -An B<RSA> key can be generated like this: +An B<RSA> key can be generated simply like this: + + pkey = EVP_RSA_gen(4096); + +or like this: EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); EVP_PKEY_keygen_init(pctx); - EVP_PKEY_gen(pctx, &pkey); + EVP_PKEY_generate(pctx, &pkey); EVP_PKEY_CTX_free(pctx); An B<RSA> key can be generated with key generation parameters:
@@ -227,13 +231,13 @@ An B<RSA> key can be generated with key generation parameters: params[2] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(pctx, params); - EVP_PKEY_gen(pctx, &pkey); + EVP_PKEY_generate(pctx, &pkey); EVP_PKEY_print_private(bio_out, pkey, 0, NULL); EVP_PKEY_CTX_free(pctx); =head1 SEE ALSO -L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)> +L<EVP_RSA_gen(3)>, L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)> =head1 COPYRIGHT
diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod
index 6fa75ba3c1..a597bc53be 100644
--- a/doc/man7/EVP_PKEY-X25519.pod
+++ b/doc/man7/EVP_PKEY-X25519.pod
@@ -84,25 +84,11 @@ An B<EVP_PKEY> context can be obtained by calling: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL); -An B<ED25519> key can be generated like this: +An B<X25519> key can be generated like this: - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *pctx = - EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL); - - EVP_PKEY_keygen_init(pctx); - EVP_PKEY_gen(pctx, &pkey); - EVP_PKEY_CTX_free(pctx); - -An B<X25519> key can be generated in a similar way: - - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *pctx = - EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL); + pkey = EVP_Q_keygen(NULL, NULL, "X25519"); - EVP_PKEY_keygen_init(pctx); - EVP_PKEY_gen(pctx, &pkey); - EVP_PKEY_CTX_free(pctx); +An B<X448>, B<ED25519>, or B<ED448> key can be generated likewise. =head1 SEE ALSO
diff --git a/doc/man7/crypto.pod b/doc/man7/crypto.pod
index 0200d0df96..9db62e5aab 100644
--- a/doc/man7/crypto.pod
+++ b/doc/man7/crypto.pod
@@ -422,7 +422,7 @@ For information on the OpenSSL configuration file format see L<config(5)>. =head1 ENCODING AND DECODING KEYS Many algorithms require the use of a key. Keys can be generated dynamically -using the EVP APIs (for example see L<EVP_PKEY_gen(3)>). However it is often +using the EVP APIs (for example see L<EVP_PKEY_Q_keygen(3)>). However it is often necessary to save or load keys (or their associated parameters) to or from some external format such as PEM or DER (see L<openssl-glossary(7)>). OpenSSL uses encoders and decoders to perform this task. |