Lines Matching +full:fips +full:- +full:provider +full:- +full:validation

5 EVP_PKEY-EC,
6 EVP_KEYMGMT-EC
7 - EVP_PKEY EC keytype and algorithm support
11 The B<EC> keytype is implemented in OpenSSL's default provider.
17 used that specify "field-type", "p", "a", "b", "generator" and "order".
23 built-in EC algorithm:
31 =item "field-type" (B<OSSL_PKEY_PARAM_EC_FIELD_TYPE>) <UTF8 string>
33 The value should be either "prime-field" or "characteristic-two-field",
39 represents the irreducible polynomial - each bit represents a term in the
67 I<order> - 1.
71 =item "decoded-from-explicit" (B<OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS>) <integer>
76 =item "use-cofactor-flag" (B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH>) <integer>
87 =item "point-format" (B<OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT>) <UTF8 string>
93 =item "group-check" (B<OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE>) <UTF8 string>
96 Valid values are "default", "named" and "named-nist".
98 "named-nist" is similar but also checks that the named curve is a NIST curve.
99 The "default" type does domain parameter validation for the OpenSSL default provider,
100 but is equivalent to "named-nist" for the OpenSSL FIPS provider.
102 =item "include-public" (B<OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC>) <integer>
107 See also L<EVP_KEYEXCH-ECDH(7)> for the related
109 per-operation basis.
121 =item "encoded-pub-key" (B<OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY>) <octet string>
142 The following Gettable types are also available for the built-in EC algorithm:
146 =item "basis-type" (B<OSSL_PKEY_PARAM_EC_CHAR2_TYPE>) <UTF8 string>
172 =head2 EC key validation
175 For the OpenSSL default provider it uses either
178 The OpenSSL FIPS provider uses L<EC_GROUP_check_named_curve(3)> in order to
179 conform to SP800-56Ar3 I<Assurances of Domain-Parameter Validity>.
185 conform to SP800-56Ar3 I<ECC Full Public-Key Validation> and
186 I<ECC Partial Public-Key Validation> respectively.
189 conform to SP800-56Ar3 I<Private key validity> and
190 I<Owner Assurance of Pair-wise Consistency> respectively.
199 An B<EVP_PKEY> ECDSA or ECDH key can be generated with a "P-256" named group by
202 pkey = EVP_EC_gen("P-256");
214 "P-256", 0);
225 An B<EVP_PKEY> EC CDH (Cofactor Diffie-Hellman) key can be generated with a
226 "K-571" named group by calling:
237 "K-571", 0);
239 * This curve has a cofactor that is not 1 - so setting CDH mode changes
240 * the behaviour. For many curves the cofactor is 1 - so setting this has
259 L<provider-keymgmt(7)>,
260 L<EVP_SIGNATURE-ECDSA(7)>,
261 L<EVP_KEYEXCH-ECDH(7)>
265 Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.