Diffstat (limited to 'doc/man1/pkeyutl.pod')
-rw-r--r-- doc/man1/pkeyutl.pod 26
1 files changed, 26 insertions, 0 deletions
diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod
index ceb9de34b4..6fc0325464 100644
--- a/doc/man1/pkeyutl.pod
+++ b/doc/man1/pkeyutl.pod
@@ -221,6 +221,32 @@ sets the salt length to the maximum permissible value. When verifying -2 causes
the salt length to be automatically determined based on the B<PSS> block
structure.
+=item B<rsa_mgf1_md:digest>
+
+For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not
+explicitly set in PSS mode then the signing digest is used.
+
+=back
+
+=head1 RSA-PSS ALGORITHM
+
+The RSA-PSS algorithm is a restricted version of the RSA algorithm which only
+supports the sign and verify operations with PSS padding. The following
+additional B<pkeyopt> values are supported:
+
+=over 4
+
+=item B<rsa_padding_mode:mode>, B<rsa_pss_saltlen:len>, B<rsa_mgf1_md:digest>
+
+These have the same meaning as the B<RSA> algorithm with some additional
+restrictions. The padding mode can only be set to B<pss> which is the
+default value.
+
+If the key has parameter restrictions than the digest, MGF1
+digest and salt length are set to the values specified in the parameters.
+The digest and MG cannot be changed and the salt length cannot be set to a
+value less than the minimum restriction.
+
=back
=head1 DSA ALGORITHM
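Review bot: The last added paragraph of the new RSA-PSS ALGORITHM section has two wording defects. "If the key has parameter restrictions than the digest" should read "then the digest", and "The digest and MG cannot be changed" looks truncated; it presumably means "The digest and MGF1 digest cannot be changed". Separately, the new B<rsa_mgf1_md:digest> item says it applies to both PSS and OAEP padding but states the default only for PSS mode ("then the signing digest is used"). Please add what the MGF1 digest defaults to under OAEP, so a reader does not have to guess which digest is in effect when the option is omitted.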